/// Data for Europe, MENA and Canada.
ENISA analysed 4,875 cybersecurity incidents in the EU between July 2024 and June 2025, with 81.1% involving ransomware and public administration as the most targeted sector (38.2%). In Spain, cyberattacks increased 35% in 2025, surpassing 45,000 attacks per day. In Saudi Arabia and UAE, the average cost of a cyberattack reaches $6.53 million, 69% above the global average. In Canada, 86.5% of organizations experienced at least one cyberattack in the past 12 months.
Reference: ENISA Threat Landscape 2025, European Union Agency for Cybersecurity Reference: Elderecho.com, "Los ciberataques en España crecen un 35% en 2025" Reference: IBM Cost of a Data Breach Report (Middle East) Reference: CDW Canada Cybersecurity Study 2024
The average cost of a data breach is $3.62M globally. In Spain, the average cost for an SMB is estimated at €75,000, while public entities can exceed €250,000. In Canada, it reached CA$6.98M in 2025, a 10.4% increase over 2024. In Saudi Arabia, the average sits at $6.53M per incident. 78% of SMBs globally fear that a serious attack could shut them down.
Reference: NightDragon SMB Market Report, September 2024 Reference: Cámara Valencia, "Qué coste económico y empresarial puede suponernos un ciberataque" Reference: IBM Cost of a Data Breach Report 2025 (Canada) Reference: Positive Technologies, Cybersecurity Threatscape in the Middle East 2022-2023
60% of SMBs close within six months of a severe cyberattack. 75% say they could not continue operating if hit with ransomware. In Spain, 96% of organizations were targeted by cyberattacks in 2024, with 66% reporting an increase in frequency and complexity. In Canada, only 11% of SMBs have a formal incident response plan, while 52% have none. Across Europe, ENISA warns that attackers now weaponize new vulnerabilities within days of disclosure.
Reference: NightDragon SMB Market Report, September 2024 Reference: IT Digital Security, "El 96% de las empresas españolas ha sido blanco de ciberataques" Reference: Insurance Bureau of Canada, 2025 Reference: ENISA Threat Landscape 2025
In Europe, DDoS attacks accounted for 77% of reported incidents, while ransomware operations are decentralizing through RaaS models. In Spain, SMEs represent around 70% of all cyberattack targets. Canada ranks second globally for countries most affected by ransomware. In Saudi Arabia, 75% of enterprises have increased their cybersecurity budgets since 2022.
Reference: ENISA Threat Landscape 2025, European Union Agency for Cybersecurity Reference: EFE / Google, "El 43% de los ciberataques son a pymes" Reference: KELA Cyber Threat Intelligence Report 2025 Reference: PwC Middle East Cybersecurity Survey
43% of all cyberattacks globally target SMBs, yet 71% have no dedicated security staff. The average SMB juggles 4-7 disconnected security tools with no correlation. In Canada, 74% of businesses hit by ransomware end up paying the ransom. Public administrations face similar exposure: 38% of all EU cyber incidents targeted public administration. In Spain, both SMBs and public administrations remain the most vulnerable points in the national cybersecurity chain.
Reference: NightDragon SMB Market Report, September 2024 Reference: CIRA Canadian Cybersecurity Survey 2025 Reference: ENISA Threat Landscape 2025
NIS2 and DORA in Europe are creating mandatory cybersecurity spending floors, expanding requirements to mid-market firms previously exempt. In Spain, the ENS (Esquema Nacional de Seguridad) mandates specific security standards for all public sector entities and their suppliers. Saudi Arabia's NCA and PDPL enforce strict data residency and protection standards. Canada's PIPEDA and provincial privacy laws add compliance complexity. Organizations that fail to comply face fines and operational restrictions.
Reference: European Commission, NIS2 Directive Reference: CCN-CERT / Centro Criptológico Nacional, Esquema Nacional de Seguridad Reference: Saudi National Cybersecurity Authority (NCA), National Cybersecurity Strategy 2025 Reference: Office of the Privacy Commissioner of Canada, PIPEDA