The Cybersecurity Agency of Catalonia, which protects the information systems of the Generalitat and its areas of action, has managed a total of 6.544 cyber incidents during 2025, the majority with low impact, mainly related to leaks of credentials, leaks or illegitimate access to personal or corporate accounts. This figure representa an increase of 94%, almost double, compared to the incidents it handled in 2024, which were 3.372. The data has been extracted from the Agency activity report for the 2025 financial year.
This increase reflects the increase in cyber threats that is being registered on a global scale, as well as the improvement in the Agency's own capacity to detect and respond to cyber incidents in the early stages. In fact, during 2025 it has detected more than 9.100 billion attempted attacks directed against the information systems and people in the areas it manages, of which more than 7.000 billion have been blocked automatically and immediately. Therefore, almost eight out of ten attacks detected have been stopped, thanks to all the perimeter security mechanisms deployed. However, attacks that manage to overcome the first protection barrier are stopped by other detection and protection systems before they have an impact on the public services of the Generalitat de Catalunya. In comparison, the previous year, around 6.900 billion attacks were detected and 5.000 billion were blocked, representing a 32% increase in detection in the last year.
Of the attack attempts that managed to overcome the various barrierseres protection, the Agency has managed 6.544 cybersecurity incidents, of which 234 have required complex management due to the sophistication of the attackers and, of this latter set, 26 have been serious incidents that have required the execution and coordination of crisis committees to remedy them. Serious incidents have decreased by 21% (26 in 2025 and 33 in 2024), which shows that the robustness of security systems is higher.
Among the main projects to stop the increase in incidents, during 2025 cybersecurity improvements have been introduced in the workplace environment, to guarantee more effective protection of the identity of users and devices of the Generalitat de Catalunya.
The sector that has suffered the most incidents has been the university sector, with 2.931 cases, closely followed by the healthcare sector (2.162 cases) and the Generalitat de Catalunya (1.962). Given this situation, the Agency has emphasized the protection of the university sector and the improvement of the quality of the service. Regarding the healthcare sector, in 2025 the Agency and the Department of Health have extended the deployment of the cybersecurity protection model to 49 social and health care centers and 44 mental health centers that are part of the comprehensive public health system of Catalonia (SISCAT), to integrate them under the umbrella of the Agency and guarantee homogeneous and robust protection of the entire healthcare system against cyber threats.
Today, the Agency offers protection to a total of 331 entities, which include the 68 SISCAT hospitals and the 8 public universities, in addition to all the departments of the Generalitat de Catalunya.
Regarding the type of incidents, the most common have occurred through the exposure of passwords and information due to leaked credentials or leaks (3.427 cases), due to illegitimate access to personal or corporate accounts (2.573), due to the distribution and execution of malicious software (367) and also due to identity theft with the aim of stealing credentials or sensitive information (102 cases).
The role of the AOC
With the aim of strengthening Catalan local administrations, the AOC collaborates with the Cybersecurity Agency of Catalonia in several pilot projects. This initiative transfers the experience of the AOC's own transformation to the territory, extending its model and offering new services that strengthen the resilience of the local world.
