Digitized, but with unprotected networks: what the latest study on cybersecurity in Spanish companies reveals

Many companies believe they are doing well in cybersecurity because they have antivirus software, backups, and cloud tools. However, they have one area that needs improvement: the advanced digitization of their network infrastructure. This infrastructure is one of the first lines of defense against any cyberattack. Digital maturity is not measured by the number of tools implemented, as the robustness of the architecture, such as the solution provided by Saiwall SD-WAN, which integrates them, is key.

The recent report* by the Spanish Chamber of Commerce's Business Competitiveness Observatory - Cybersecurity 2026 confirms this: 87.6 % of companies consider themselves digitized (intermediate or advanced level). However, only 42.9 % have a formal cybersecurity strategy, and advanced network protection measures are far from widespread, especially among SMEs. In other words, companies have accelerated their digitization, but networks do not always keep pace with protection.

* The study is based on a survey of 400 companies with at least one employee throughout the country. The sample is distributed according to two disaggregation criteria: sector (Industry, Construction, Commerce, Hospitality, and Other Services) and size (1 to 9 employees, 10 to 49 employees, more than 50 employees).

Organizations have made progress in basic cybersecurity measures such as antivirus software, backups, and software updates. But when we look at network security, the picture changes.

In large companies, 94.1% report having a firewall and 76.5% a VPN; in micro-enterprises, these percentages drop to 66.8% and 44% respectively. Many SMEs already work with cloud applications and remote access to critical data over networks that are not up to their level of exposure, without adequate segmentation or consistent encryption between sites and remote users.

The Spanish Chamber of Commerce report notes that the data reflects a real effort to improve protection. However, the measures focus mainly on basic and endpoint controls, while the network infrastructure continues to be perceived more as a box to tick than as the core of the organization's defense. At SAIMA SYSTEMS, we insist that more tools do not equate to greater resilience if they are not integrated into a robust, flexible, and scalable network design.

• Confidence without strategy. 68.5% of companies consider themselves well protected against cyberattacks, but only 42.9% have a formal cybersecurity strategy. Many feel secure without having defined exactly how their network protects data and communications, or what role it plays in business continuity.

   

• Focus on basic controls. Companies are increasingly implementing measures, but they focus on basic controls: antivirus (95.8%), backups (95.0%), and updates (89.1%). Without advanced network digitization, these measures do not guarantee consistent defense or a real reduction in the attack surface.

   

• Lack of knowledge. Almost half of companies (49.4%) already contract managed security services, but more than 30% admit that they do not know which solutions to implement, and 28.3% cite technological complexity as an obstacle.

In 2025, the year the survey was conducted, 62.8% of companies outsourced their cybersecurity management to specialized external personnel, while specialized internal personnel fell to 16.4%. Among smaller companies, dependence on providers is even greater: in companies with 1 to 9 employees, 62% entrust cybersecurity to external teams and only 14.1% have specialized internal resources.

However, outsourcing management does not replace the need for a well-designed network architecture. If the corporate network infrastructure is fragmented into isolated devices and configurations by location, even the best provider operates on a limited basis. Without an advanced network infrastructure, it is difficult to apply consistent policies, ensure real segmentation, monitor lateral traffic between locations, manage remote working consistently, or automate incident response.

In this context, SAIWALL Secure SD WAN bridges the gap between digitization and network security. It is a software-defined networking (SD-WAN) solution that integrates connectivity and cybersecurity into a single platform: advanced firewall, encrypted VPN, segmentation by location and user type, and centralized traffic management between offices, stores, branches, and teleworkers. The network is no longer just connectivity; it becomes critical security infrastructure, designed from the ground up to reduce risk.

For companies that already outsource their cybersecurity, SAIWALL SD-WAN offers precisely that common control point to deploy consistent policies, monitor what is happening at each node in the network, and react quickly to incidents.

SAIWALL SD-WAN helps simplify. With this solution, the company adopts a platform that concentrates key network and security functions in a service model that can be adjusted to its reality. In an environment where many companies feel digitized but still have unprotected networks, treating communications infrastructure as a strategic piece of cybersecurity is a process that cannot wait.