Barcelona reinforces its cybersecurity in the face of increasing threats
Barcelona City Council strengthens its systems in response to the wave of cyberattacks in recent months.
Barcelona City Council has stepped up its protective measures in response to the sustained rise in cyberattacks targeting the institution.
According to David Esteban, the City Council’s Chief Information Security Officer (CISO), in a recent interview with La Vanguardia, more than 25,000 security incidents had been recorded by May 2025, a figure that already matches the total for the whole of 2024.
The main attack vectors have been phishing campaigns, which compromised employee credentials, and distributed denial-of-service (DDoS) attacks, which were particularly intense in March. According to Esteban, this surge coincides with actions by pro-Russian groups in response to Barcelona’s institutional stance in support of Ukraine.
In response to this situation, measures have been implemented, such as the rollout of two-factor authentication (2FA) for all City Council staff, which has significantly reduced unauthorised access. Continuity and recovery protocols have also been strengthened to ensure the delivery of essential services in the event of an incident.
As Esteban emphasised in the interview, ‘We were already on high alert, but we are now at maximum alert level,’ and he stressed the need for close collaboration between public authorities and the private sector to address emerging risks together.
Barcelona maintains a cybersecurity strategy that combines advanced technology, robust protocols, and an organisational culture focused on resilience. The city continues to collaborate with other capitals such as Madrid, Málaga and Rome to share real-time detection and response strategies and reaffirms its commitment never to yield to blackmail or pay ransoms.