Catalonia launches 'historic' cybersecurity strategy to shield public services from growing threats

The government is launching a new cybersecurity strategy with a planned investment of €18.6 million to protect health centers and local administrations.

The plan looks to develop around 30 measures over the next year that focus on prevention, prioritizing the healthcare sector and public digital services.

"Zero risk does not exist," said the director of the Catalan Cybersecurity Agency, Laura Caballero.

Last year, the agency detected 6.9 billion attacks on public information systems, an increase of 38%. Of these, the agency managed 3,372 incidents that required intervention, 26% more than the previous year.

The agency also predicts an increase in digital scams due to the large amount of stolen data and the use of artificial intelligence. 

"We are increasingly exposed to more threats," said the Catalan presidency minister, Albert Dalmau. For this reason, this "historic" economic investment will increase protection "for all citizens, businesses, local councils, and the government's critical services," he said. 

Healthcare and digital services

From the total investment, €4.5 million will be allocated to protect social and mental healthcare centers. Stress tests will be carried out to determine the degree of exposure of data from 68 hospitals and 21 primary care centers. 

The medical sector is "very attractive to cybercriminals," Caballero said. "If someone wants to harm a country, a hospital is something that must be protected," she said. 

The plan looks to expand the protection of public digital services considered critical, such as the gender-based violence reporting system, La Meva Salut app‒a personal digital health space‒, minors' data, and applications used by Catalan police. A total of €1.2 million will be allocated to this sector to carry out tests to check the degree of exposure to cyberattacks. 

Priority will also be given to investing in emerging technologies that can help address the threat posed by quantum computing. One of the planned actions is to invest €4.1 million in developing tools and preparing systems to resist potential quantum attacks.

Citizen awareness and training 

To improve citizens' digital security awareness and skills, an intelligent assistant will be launched offering cybersecurity advice and solutions with a cyberscan identification system. The tool is expected to be an app or a website that citizens could use to check suspicious messages or potential scams they receive by email.

Regarding local communities, an improvement action plan will be implemented in the 23 largest city councils, the four provincial councils, and 40 county councils to raise awareness and provide training for employees. Since 60% of data leaks come from human error, €3.3 million will be allocated in this area. 

In addition, a cyberacademy will be launched in June 2026 offering training in cybersecurity and new career opportunities. The objective is to reduce the gap between the sector's demand and supply of professionals trained in cybersecurity by allocating €1.2 million.

Supporting small businesses 

The strategy also aims to protect small and medium-sized businesses in the technology sector. It plans to work with business representatives to offer guidance and support on certification and regulatory compliance. The goal is to strengthen cybersecurity in this key part of the supply chain, as many of these ICT companies lack the resources to properly protect themselves.