Since 2019, the European Union has prioritized cybersecurity as an essential component of achieving “digital sovereignty,” enabling independence in the digital world in line with ethical principles and data protection. European Commission President Ursula von der Leyen emphasizes its importance in Europe establishing “its own decisions, based on its own values, respecting its own rules” in digital technology. Cybersecurity is vital for the European Data Strategy and the development of reliable artificial intelligence. Compared to other European countries, Spain shows a strong commitment in this area, the country recognizes cybersecurity as an area of interest and seeks to strengthen its business sector under the Spain Digital 2026 Strategy.
Several European efforts, such as the European Cybersecurity Competence Center and the Network of National Coordination Centers, support the identification of cybersecurity talent. The following analysis will focus on assessing indicators of research excellence, financial resources and training offerings in institutions that host researchers involved in cybersecurity R&D&I. This analysis is part of a more extensive one that can be examined in chapter 8 of the IV Report on Science and Technology in Spain of Fundación Alternativas.
Cybersecurity research is characterized by its interdisciplinary approach, encompassing fields such as computer engineering, cryptography and social sciences such as criminology and social psychology, as well as the emerging economics of information security. The National Security Scheme (ENS) details that it involves guaranteeing the resistance of data and services to actions that compromise their availability, authenticity, integrity or confidentiality.
ENISA (European Union Agency for Cybersecurity) identifies eight priority areas of research, such as cryptography, authentication, database security, intrusion detection, hardware and software security, as well as legal, economic and social aspects of cybersecurity. These areas address key issues such as privacy, ethics and the acceptance of surveillance technologies in a constantly evolving digital security context.
ENISA’s priority areas of cybersecurity research
For the analysis of the state of cybersecurity research in Spain, the databases Google Scholar , Teseo and Scopus , among others, were used to gather information on the quality of cybersecurity research. Authors’ publications were evaluated, including the number of citations and the H-index. In addition, data on the researchers’ work history and the weighted impact of citations per research topic were taken into account.
To analyze the quality of the research, Davide Balzarotti’s “Security Circus” database, which includes papers accepted at leading conferences in information security and privacy, was also used. These conferences are considered to be of high quality and are evaluated according to the GII-GRIN-SCIE database. The analysis is presented below organized by autonomous communities and research entities. We will distinguish between 4 areas: existence of research groups, projects carried out, cybersecurity education and private sector.
Cybersecurity Research Groups in Spain
To analyze research groups in cybersecurity, cryptography and data privacy, as well as those in security aspects related to emerging technologies such as artificial intelligence, 5G and quantum technology. Among others, the “citation impact weighted by subject” has been taken into account to assess the influence of the publications of each group, the size of the workforce, the presence of women in each group or their level of knowledge transfer.
We can see that there is a critical mass of researchers in Catalonia and the Community of Madrid, with multiple universities and research centers specialized in cybersecurity. Groups are also identified in other regions of Spain, and Spanish researchers with papers accepted at prestigious cybersecurity conferences, with IMDEA Software standing out as the center with the most contributions to these conferences, followed by IMDEA Network, the Polytechnic University of Madrid and the Carlos III University of Madrid, among others.
Cybersecurity research projects in Spain
In the context of European and national research projects, it has been seen that it is the Community of Madrid that leads in terms of execution of European projects (36%) and national projects (26%). However, if we look deeper, we will see that the companies that win more European projects are based in the Basque Country, while the Polytechnic University of Madrid leads among educational institutions with more European projects. In terms of national projects, the Polytechnic University of Catalonia stands out as the leader, followed by the Carlos III University of Madrid, the University of Granada and the Polytechnic University of Madrid, among others.
Community | Percentage of H2020 projects accepted granted | Percentage of AEI projects granted |
Comunidad de Madrid | 36.3% | 26.3% |
Cataluña | 22.0% | 19.5% |
País Vasco | 12.9% | 4.1% |
Comunidad Valenciana | 9.1% | 10.0% |
Andalucía | 4.8% | 15.8% |
Others | 14.9% | 24.3% |
Educational offer in Cybersecurity in Spain
In relation to the educational offer in cybersecurity in Spain, a total of 5 undergraduate degrees and 53 master’s degree programs have been identified, of which 29 are catalogued as official degrees by the Ministry of Education. These degrees are mainly concentrated in the Community of Madrid, Catalonia, Castile and Leon, Andalusia and the Valencian Community.
In addition, the growth in the number of theses related to cybersecurity since 2010 stands out, with the Community of Madrid, Catalonia and Andalusia as the regions with the highest concentration of PhDs in this field, led by the Polytechnic University of Catalonia and the Polytechnic University of Madrid in the training of PhDs in cybersecurity.
Cybersecurity theses defended in Spain by year
Cybersecurity in the Private Sector
In terms of cybersecurity capabilities in private companies, a total of 92 companies dedicated to cybersecurity work have been identified and it has been observed that the Community of Madrid leads with a total of 60 companies out of the 92 identified, followed by Catalonia, Basque Country, Valencian Community, Andalusia and Asturias in descending order of presence in the Spanish industrial landscape. The geographical location of these companies suggests the presence of human capital and B2B clients, with many companies opting for the Community of Madrid as their headquarters for commercial reasons.
It is important to note that it is difficult to identify companies that are 100% Spanish in this sector, as they are often subject to management changes due to acquisitions and internal restructuring. For example, Panda, founded in Bilbao in 1990, became a subsidiary of U.S.-based WatchGuard in 2020. In addition, the French company Thales acquired S21sec in 2022, while the Swedish company Allurity bought Aiuken Solutions in the same year.
Towards smart specialization in Cybersecurity in Spain’s regions.
Smart specialization is an innovative approach that aims to boost growth and job creation by enabling each European region to identify and develop its own competitive advantages. It is also our response to the process of economic globalization, facilitating economic transformation and positioning in global value chains.
The concept of “smart specialization” is crucial for regional development, as it implies that regions must identify strategic areas in which they can specialize to generate distinctive capabilities. This structural change can take different forms, such as transition, modernization, diversification or radical transformation. The key question here is whether regions that are structurally weaker can also benefit from smart specialization. In this sense, smart specialization is most likely to succeed when it involves a wide variety of regional actors in business discovery processes, beyond firms.
This implies a thorough analysis of the strengths, weaknesses, risks and opportunities of each region, which is not only based on information provided by stakeholders, but also requires an external comparative analysis between all the regions involved. Smart specialization, to be effective, must respect local autonomy and enable coordination and analysis mechanisms that allow beneficial decisions to be made at both the local and national levels.
SWOT analysis main dashboard
The relationship between the generation of cybersecurity R&D capabilities and entrepreneurship is fundamental. The acquisition of companies by larger ones can be seen as a business success, but it can also be seen as a loss of digital sovereignty if foreign companies acquire domestic companies. The attraction of foreign players in the national territory can be beneficial if it fosters the creation of local talent and if there are funding mechanisms that promote the creation of new technology companies. In addition, the funding of university chairs dedicated to research, dissemination, teaching and innovation in cybersecurity, managed by institutions such as INCIBE and the Ministry of Economic Affairs and Digital Transformation, can be an effective strategy to foster collaboration between universities, companies and research centers and promote the development of local competencies in cybersecurity.
Our cybersecurity research chairs proposal
Based on the analysis presented, a distribution of 16 cybersecurity research chairs in different regions of Spain is proposed. This includes chairs in the Community of Madrid and Catalonia to consolidate exceptional research results and promote the creation of technology companies. Chairs are also assigned to Andalusia and the Basque Country to attract and retain university talent and meet the growing demand for qualified professionals in these regions.
Community | Location of the chair | Principal Investigator |
Madrid | IMDEA Software | Gilles Barthe |
Madrid | Universidad Politécnica de Madrid | Victor Abraham Villagrá González |
Madrid | Universidad Carlos III | Juan Manuel Estevez Tapiador |
Cataluña | Universitat Politècnica de Catalunya | Miquel Soriano |
Cataluña | Universitat Rovira i Virgili | Josep Domingo-Ferrer |
Cataluña | Universitat de Lleida | Josep Mª Miret |
Andalucía | Universidad de Málaga | Javier López Muñoz |
Andalucía | Universidad de Granada | Pedro García Teodoro |
País Vasco | Mondragón Unibertsitatea | Urko Zurutuza Ortega |
País Vasco | Universidad de Deusto | Pablo García Bringas |
Canarias | Universidad de la Laguna | Pino Caballero Gil |
Castilla la Mancha | Universidad de Castilla la Mancha | Eduardo Fernández-Medina Patón |
Castilla y León | Universidad de León | María Teresa Trobajo de las Matas |
Galicia | Universidade de Vigo | Marcos Curty Alonso |
Islas Baleares | Universitat de les Illes Balears | Josep Lluís Ferrer-Gomila |
Murcia | Universidad de Murcia | Félix Gómez Mármol |
In addition, chairs are proposed to foster bidirectional knowledge transfer between regions, which could be achieved through thesis tribunals, joint teaching activities and collaborative national projects. Ultimately, policies to foster R&D&I and collaboration between universities, companies and research centers will be essential to make the most of these chairs and promote the creation of a local skills market in the context of the global cybersecurity ecosystem.