Cybersecurity, investment in the euro area to reach EUR 75 billion

In Europe, the curve is also positive. Cyber spending in the eurozone is today at around50 billion, but is heading towards USD 75.6 billion by 2029, with a stable CAGR of around 10-11 per cent. But 2025 could mark a slowdown, say the most up-to-date estimates. Blame sluggish economic growth, geopolitical instability and trade tensions that slow down investment decisions. Also weighing down are US tariffs policies. European companies, although aware of the risks, are thus having to recalibrate their budgets. And to choose: defend themselves or postpone. In Italy - according to Deloitte - it is estimated that 52% of companies expect an increase in cybersecurity investments within the next two years, in view of the number of attacks that private companies in particular suffer each year (see graphic) also "as a result of the geopolitical tensions that are occurring," said the director of the National Cybersecurity Agency Bruno Frattasi.

Meanwhile, technology races and methods of cyber attacks evolve. Security is trying to keep up. According to the report, by 2028 companies globally will change the way they protect themselves. Today, businesses manage dozens of security tools, often disconnected from each other. A maze of technologies that slows down It teams and opens up new attack surfaces. But the future speaks of platform consolidation: 45% of companies will rely on fewer than 15 tools for their entire digital defence, compared to the current fragmentation. A shift towards efficiency.

But it is not enough to reduce. It is necessary to anticipate. This is where preemptive cybersecurity comes in: security that does not wait for damage to occur before reacting, but prevents it. If today only 5% of IT spending is allocated to prevention, this will rise to 50% by 2030. A reversal of priorities: from alarm to anticipation, from firewall to prediction. Investment will be made in behavioural analysis, predictive models, intelligent automation.

The driving force, as always, artificial intelligence. But not the generic kind this time. The heart of the new security will be the Domain-specific language models (Dslm): language models designed to read, interpret and neutralise digital threats in real time. Today, only 10% of solutions use them. By 2028, they will be integrated into 75 per cent of cyber defences.

In recent months, Spain has experienced an escalation of cyber attacks affecting not only the private sector, but also critical infrastructures and public institutions. At the end of May, an organisation under the name 'Vaquilla' put up for sale on the dark web a database containing 5.1 million Amazon España customer records, including name, DNI, telephone, e-mail address and postal data. Amazon claimed to have no evidence of a breach in its systems, speculating that the exfiltration may have come from a compromised partner or supplier.

At the same time, the renowned researcher Rubén Santamarta, a specialist in electricity network security, confirmed that the blackout was not due to a cyber attack, although his technical hypothesis shows that an action by the state or advanced groups would have been possible.

Between November and February, the National Centre for Agricultural Research and Technology (INIA), part of CSIC, was hit by ransomware: at the time of the attack, hundreds of servers and workstations were encrypted, causing interruptions in research processes. To date, full recovery is still in progress.

Finally, in late 2024, the Trinity group claimed an attack on the Agencia Tributaria, claiming to have stolen 560 GB of sensitive data and demanded USD 38 million. However, the agency denied any direct compromise, suggesting that the source could be an external provider, however, raising alarm about the escalation of sophisticated ransomware against strategic infrastructures.

These events confirm how attacks in Spain simultaneously affect consumers, production chains, research centres and infrastructures, reinforcing the trend outlined for the euro area: cybersecurity is no longer just a technological urgency, but a matter of systemic resilience. The Spanish scenario exemplifies well the transition from reaction to prevention: from the protection of perimeter barriers, we move to end-to-end armouring based on AI, DSLM and platform consolidation, necessary to cope with increasingly diverse attacks - from data theft to hyper-technological blackouts, from espionage to double extortion.

*This article is part of the European collaborative journalism project "Pulse"