Eight out of ten Spanish companies does not have enough employees in their departments of cybersecurity, according to the report the state of cybersecurity in Spain, performed by Deloitte.
In addition, almost all the surveyed companies recognize having suffered some kind of attack during the year 2021.

The report, carried out based on the responses provided by the cybersecurity responsible for more than 100 companies in the country, reveals that 44% of companies have less than five people dedicated to this activity and 16%, between five and ten.
This data clashes with the distribution of signatures, whose thickness is composed of companies between 0 and 499 employees (32%) and between 1,000 and 4,999 (34%).

While the sample is too small to be representative of the Spanish business tissue and does not have much presence of SMEs, there is a fact that, although it loses forcefulness when extrapolating is very striking: 94% of companies have suffered at least one incident
Severe security for 2021.

The attacks increased considerably with respect to 2020 and, although prevention helps reduce its impact or mitigate its effects, the experts in cybersecurity warn that now that all teams are connected enough for criminals to access a company.

So, phishing (to pass by another person or identity to get credentials or install malicious software) and ransomware (attacks that block equipment and servers and threaten to delete the information unless a rescue is paid) are two of the trends most used by the
hackers.
In fact, many times they go hand in hand and the first technique is used to perform one of these ‘kidnappings’ as the one suffered by the SEPE in March of last year.

Deloitte also highlights how only 11% of companies do not have external staff dedicated to cybersecurity.
This department has charged even more importance after the pandemic, which first established – he inaugurated, in many cases – teleworking and then led thousands of companies to explore electronic commerce.
In fact, cybersecurity professionals and cloud architects are two of the professions most requested by companies.
Both, that the labor market is not able to form workers at the rate that are demanded.

At the level of reviews of critical applications, collects the report, only 66% of the companies consulted reviewed at least half of them and, on the other hand, only 21% of critical applications are reviewed in full.

From the study, yes, it is clear that it seems to have grown awareness in this aspect, since the financial resources that are destined to the department have increased.
In addition, those responsible – the figure of the CISO, or Chief Information Security Officer – has increased by 12% its presence in the Management Committee.

There is also a positive difference in the number of companies that does not have a security certification: it falls 11%.
Of course, there are still almost half of the companies, because there are still 49% without these certifications.
According to the report, they received the vast majority of cybercorers, with 69% of the total.

With regard to the training and awareness of the rest of workers, at the moment it seems that the online model is imposed (chosen by more than half of the companies in both cases).
In spite of this, 11% of the companies recognize that this type of classes does not impart.