The Catalan government has announced an €18.6 million cybersecurity strategy, its largest-ever investment in digital defence, to protect critical public services from a dramatic rise in cyberattacks. The plan prioritises shielding the healthcare sector and local administrations, which have become prime targets for online criminals.
Your browser does not support the video tag.
The move by the Generalitat de Catalunya comes in response to what officials describe as an escalating digital threat. According to the Catalan Cybersecurity Agency, it detected a staggering 6.9 billion attempted attacks on public information systems last year, a 38% increase on the previous year. Of these, 3,372 incidents required direct intervention, a rise of 26%.
Primarily financed by the European Union’s Next Generation Funds, this new investment will fund around 30 distinct measures over the next year. It follows a decade where cybercriminals have increasingly targeted government bodies, with a reported €1.7 million in fraud attempts against the Catalan administration in recent years.
“We are increasingly exposed to more threats,” said the Catalan Presidency Minister, Albert Dalmau. He described the investment as “historic” and essential to increase protection “for all citizens, businesses, local councils, and the government’s critical services.”
Healthcare and Critical Services Prioritised
The healthcare sector will receive the largest single portion of the funds, with €4.5 million allocated to protect social and mental healthcare centres. The plan includes conducting comprehensive stress tests to determine the data exposure of 68 hospitals and 21 primary care centres across Catalonia.
Laura Caballero, director of the Catalan Cybersecurity Agency, stressed the vulnerability of medical institutions. “The medical sector is very attractive to cybercriminals,” she said in a statement published by Catalan News. “If someone wants to harm a country, a hospital is something that must be protected.”
“Zero risk does not exist.”
The strategy will also use €1.2 million to bolster other critical digital services. These include the online system for reporting gender-based violence, the personal health app La Meva Salut, systems holding data on minors, and applications used by the Catalan police force, the Mossos d’Esquadra.
Tackling Human Error and Future Challenges
Recognising that technology is only part of the solution, the strategy allocates €3.3 million to training and awareness, particularly for local administrations. The agency notes that an estimated 60% of data leaks stem from human error. The strategy will roll out an improvement plan across the 23 largest city councils, four provincial councils, and 40 county councils.
The plan is also forward-looking, earmarking €4.1 million to prepare for the threat posed by quantum computing. This investment will focus on developing tools and upgrading systems to resist potential quantum-based attacks that could break current encryption standards.
To address a shortage of skilled professionals, Catalonia will launch a “cyberacademy” in June 2026. With a budget of €1.2 million, it aims to reduce the gap between industry demand and the supply of qualified cybersecurity experts.
Empowering Citizens and Businesses
Beyond public services, the strategy includes measures to help ordinary citizens and small businesses. The strategy will develop an intelligent assistant, likely an app or website, to help the public identify suspicious messages and potential scams. Users will be able to submit emails or messages to a “cyberscan” system for analysis and advice.
The government also plans to work with representatives from small and medium-sized enterprises (SMEs) in the technology sector. The goal is to provide guidance on certification and regulatory compliance, strengthening a key part of the digital supply chain that often lacks the resources for robust cybersecurity.
