Spain is one of the largest economies in the European Union, and a significant market for US companies offering Network and Information Technology security solutions. The report will provide an overview of the regulatory framework on cybersecurity in Spain, expected trends, key organizations and companies, and best prospects for U.S. companies.
In 2009, 51.3 percent of Spanish households had a broadband connection to the Internet, while the penetration rate of mobile phones stood at 110 percent. Approximately 95 percent of SMEs have internet connection.
Although there is a perceived lack of clear statistics on the cybersecurity sector, according to a 2007 report on the industry by the company Penteo, the market for IT security in Spain would be estimated at €720 million, of which €47 million would be related to hardware, €214 million to security software and €457 million to IT security services.
An earlier report by IDC (2006) mentioned the following data: €617 Million Euros for the whole IT security sector, of which €53.7 million (8.7% of the total) would be related to IT security hardware, €224.4 millions (36.4% of the total) represented IT security software and finally €339.1 millions (54.9% of the total) would reflect IT security services.
Growth rates in this sector have since been affected by the restriction on IT budgets on all customer segments, especially among the Public Administration and small and medum sized companies, due to the ongoing economic crisis. Some factors that might facilitate future demand growth for cybersecurity solutions in Spain are: The Spanish eDNI project: Spain is progressively replacing the national ID document with electronic identity cards incorporating a digital certificate (eDNI). Over 15 million have been issued so far. It is expected to play a pivotal role in the development of eAdministration in Spain.Major Spanish corporations will continue to adopt cybersecurity solutions to ensure business continuity, data protection, and the compliance with international standards and local regulations.
Protection of Critical Infrastructures: Over 3,500 critical infraestructures are catalogued in Spain by the National Center for the Protection of Critical Infrastructures (CNPIC), launched in 2007. The increased international focus on cybersecuring critical installations is likely to be followed up on by Spanish authorities.
Some inhibiting factors for demand of IT security in Spain frequently mentioned are: Home users and SME’s have insufficient knowledge of their security needs. Most organizations take a reactive role in IT security, rather than a proactive one, and little effort is made to foster personal and organizational behavior patterns enhancing IT security. In small and medium size companies, qualified personnel with relevant cybersecurity experience is scarce.
The current economic situation is putting pressure on the IT budgets, especially significant on Public Administration.
Regarding cyberthreats, Spain is mentioned by the Anti-phishing working group 2009 4Q report as one of the countries with more websites hosting malicious code. Additionally, the Spanish Institute for communication technology (Inteco), reported in 2008 that the evolution of infections on home computers maintained a slightly upward trend throughout 2007. Thus, 8 of every 10 computers are housing one or more malicious codes on the system. The annual average for 2007 stands at 79.3% of computers infected (not always seriously) in Spanish households.
Industry U.S. vendors play a very important role in cybersecurity in Spain, but it is to be noted Spanish companies in this area have traditionally been very active. The Spanish government is intent on promoting the development of the sector and facilitating R&D. Most multinationals in the sector are present in Spain directly or through partners. The local industry has developed a Consultancy Council on Cybersecurity (Consejo Nacional Consultor sobre Cyberseguridad) which is open only to companies headquartered in Spain. Many IT and communications companies, such as telecoms operators, are entering the cybersecurity market through the provision of services, or creating IT security divisions.
Regulatory framework In Spain there is not single agency responsible for network information security nor comprehensive legislation on cybersecurity. Responsibility is shared by multiple entities, such as the Ministry of Industry, Ministry of Interior and the Ministry of Defense, depending mostly on the type of end users affected. Some of the key legislation is this area is listed below:
RD 3/2010 on National Security Framework for eGovernment. Law 34/2002 on Information Society Services and Electronic Commerce Law 59/2003 on Electronic Signature transposed the EU Directive 1999/93/EC on a Community Framwork for Electronic signatures into Spanish law. RD 1553/2005 regulates the issuance of the national ID document and its eSignatures certificates. It has been amended by RD 1586/2009, of 16th December. Organic Law 15/1999, on Protection of Personal Data, regulates the processing of personal data in the public and private sector, in line with the EU Data protection Directive (95/46/EC) Law 32/2003 on General Telecommunications ENISA, The European Network and Information Security Agency, provides a detailed description on Spanish legislation framework and recent policy measures on their country report, as well as a description and contact information for all the main organizations focusing on cybersecurity in Spain.
Among these, we can highlight the CERTS (Computer Emergency Rsponse Teams): The three key computer emergency response teams in Spain are Inteco-Cert, Iris-Cert and CCN-Cert. In addition, there are three additional CERTS depending from La Caixa (the largest savings bank in Spain), the Politechnical University of Catalonia, and the Valencia Regional Government. CCN-Cert also acts as coordinator for the other five response teams.
Other relevant organizations are the National Center for Protection of Critical Infrastructure, which is part of the Ministry of Interior, the Telematic Crimes Group of the Civil Guard (Guardia Civil) and the National Police Information Technology Crime Investigation Unit (Policia Nacional).
Best prospects and trends Spanish Companies and Public Administration entities are not likely to embark on major cybersecurity projects in the next few years, but the need to confront online threats is a driver of growth. Specific product demand will be similar with that of any other major economy in the EU.
Demand in technology solutions related to development of eAdministration in Spain is also likely to grow. Managed security services are likely to have higher demand by key end-users over hardware/software purchases in the Spanish market.
Considerations for U.S. companies accessing the Spanish market Overall demand for software is expected to be affected in 2010 by the Spanish economic context and by specific issues related to each type of customer. Nevertheless, government spending is fueled by the drive to increase available e-government services and by the health sector and therefore are likely to be maintained.
The Spanish Information and Communications Technology (ICT) market is highly competitive, yet affords significant opportunities for U.S. companies. More than 70 percent of IT company headquarters are located in two autonomous regions, Madrid and Catalonia (the region including Barcelona). The total number of IT companies in Spain is estimated at 13,000. Wholesalers and distributors play an important role in the market.
Under the Information Technology Agreement, to which the EU is a signatory, there is no tariff on computer equipment and software sourced from the United States. However, under the U.S.-Spain double-taxation treaty, a withholding tax applies to deliveries of U.S. software.
Total Market Size
Total Local Production
Imports from the U.S.
Exchange rates used USD to Euro: 0.805 (2004), 0.795 (2005), 0.804 (2006)
The above statistics are unofficial estimates. Data is shown is USD Million.
The Spanish software market is highly competitive, yet affords significant opportunities for U.S. companies. The software market accounts for close to 15 percent of the Spanish IT market. Since 2003, it has continued to experience a high growth rate.
In 2005, the market breakdown by type of software reflected strong growth over the previous year in the following categories: Multimedia software (38.4 percent), software for vertical applications (19.5 percent) and communications software (11.7 percent). Nevertheless, operation systems software still represents about 25 percent of total sales, followed by horizontal software applications (19 percent) and communications software (19 percent). Spain has a relatively high level of software piracy, although enforcement is improving.
Demand for software is fueled by the positive Spanish economic context and by specific issues related to each type of customer. Consumer spending on software is fueled by the increased penetration of broadband services in Spanish households, and the related demand for multimedia software. Government spending is fueled by the drive to increase available e-government services and by the health sector. As for the business sector, the drivers for demand in major corporations are integrated IT security, business process management and document management. Small and medium-sized companies are starting to adopt more vertical applications as well as on-demand software, especially for CRM purposes.
More than 70 percent of IT company headquarters are located in two autonomous regions, Madrid and Catalonia (the region including Barcelona). The total number of IT companies in Spain is estimated at 13,000. Wholesalers and distributors play an important role in the market.
As of 2000, under the Information Technology Agreement, to which the EU is a signatory, there is no tariff on computer equipment and software sourced from the United States. However, under the U.S.-Spain double-taxation treaty, an 8 percent withholding tax applies to deliveries of U.S. software.
Software focused on vertical applications
IT security software\
Software associated with increased use of Internet and multimedia PCs by consumers
On-demand software will experience an expanded customer base
Open source software for local and regional government entities
Solutions for systems integration
Internet Users Rank
Internet Users Date of Information
Telephones - mobile cellular
Cell Phone Rank
Cell Phone Date of Information
Telephones - main lines in use
Telephones Date of Information
GDP - real growth rate(%)
Growth Date of Information
GDP - per capita
GDP/pc Date of Information
GDP Date of Information
Pop Date of Information
July 2003 est.
The Fiesta de San Ysidro took place while I was in Madrid, Spain.