Recovery takes 277 days. That's nine months of operational wounds.
71% of Spanish companies have suffered cyberattacks with 277-day average recovery times, creating massive economic losses and operational inefficiency across sectors. Izertis targets €500M revenue by 2030 with 20.9% YoY growth; Prosegur's Cipher unit sees 35% incident increases in regulated sectors; Gigas focuses on sovereign cloud and SME protection.
- 71% of Spanish companies have suffered cyberattacks with 277-day average recovery time
- Izertis: €166.9M revenue in 2025 (+20.9% YoY), targeting €500M by 2030
- Prosegur Cipher: 35% incident increase in regulated sectors; cybersecurity now 40% of group sales
- Grupo Gigas: €75.6M revenue in 2025, 40% operating cash flow growth; 60% of attacked SMEs close within 6 months
Three Spanish publicly traded companies—Izertis, Prosegur, and Grupo Gigas—are leveraging cybersecurity as a key growth driver amid regulatory pressures (NIS2, DORA) and rising cyberattacks, with strong financial performance and strategic positioning.
Spain's cybersecurity market is moving fast, and three publicly traded companies have positioned themselves to ride that wave. Izertis, Prosegur, and Grupo Gigas have each made deliberate bets that digital security will become central to their business models—not a side service, but a primary engine of growth.
The tailwind is real. Regulatory pressure from frameworks like NIS2 and DORA, combined with a sharp rise in actual cyberattacks, has forced organizations across Spain to harden their defenses. The numbers tell the story: 71 percent of Spanish companies have already been hit by a cyberattack. When one strikes, recovery takes an average of 277 days—nearly nine months of operational disruption, data loss, and financial hemorrhaging. That kind of pain creates demand. The market now hungers for managed security services running around the clock, advanced threat detection platforms, and cloud infrastructure that keeps data within national borders.
Izertis has woven cybersecurity into the fabric of its digital consulting practice. The company combines security expertise with cloud and data capabilities, helping clients navigate new regulations and defend against rising threats. It deploys security-by-design principles and managed services, offering risk analysis, regulatory compliance work, and protection of critical infrastructure under a Zero Trust model. The company runs 24/7 monitoring centers and incident response teams. Last year, Izertis closed with revenues of 166.9 million euros, up 20.9 percent from 2024. Profit from continuing operations grew 1.83 percent to 4.45 million euros. The company is targeting 500 million euros in revenue by 2030, with normalized EBITDA of 65 million—a goal to be reached through organic growth, acquisitions in niche cybersecurity areas, and international expansion. An analyst at Estrategias de Inversión notes that Izertis shows solid potential through its specialization in advanced digital transformation solutions and its capacity for selective acquisitions. The valuation looks reasonable: the market prices it at a 34x price-to-earnings ratio, but when adjusted for expected earnings growth of 93 percent, the PEG ratio drops to 0.37x, suggesting undervaluation.
Prosegur, the security services giant, has built a dedicated cybersecurity unit called Cipher. This division has expanded into threat analysis, vulnerability management, and critical infrastructure protection. Cipher saw a 35 percent increase in incidents across regulated sectors over the past year—a sign of how much demand has shifted toward managed security services. The unit's xMDR platform uses artificial intelligence and advanced analytics to detect and neutralize threats proactively, integrating with existing infrastructure and automating low-value tasks. Prosegur is also pushing solutions that merge physical and digital security into a single operational view, a pitch that resonates especially with banks, logistics companies, and retailers. In the first quarter of 2026, Prosegur reported net profit of 33 million euros, up 15.2 percent from the same period in 2024. EBITA reached 87 million, with organic growth near 8 percent across all business lines. Cybersecurity and other high-margin services now represent roughly 40 percent of Prosegur's sales, compared to traditional surveillance work, which carries much thinner margins. The company also pays a generous dividend, offering shareholders both yield and valuation that looks modest relative to earnings.
Grupo Gigas has built its model around sovereign cloud infrastructure, managed services, and regulatory compliance. The company holds Spain's highest cloud security certification (ENS Alto) and maintains ISO 27001 and PCI DSS standards, which has strengthened its position with government agencies and regulated industries. Gigas combines its own infrastructure with cybersecurity services aimed at small and medium-sized businesses, public agencies, and enterprises that need to keep data within Spanish borders. The company has expanded its catalog to include secure backup, business continuity, advanced monitoring, and hybrid cloud protection. Its g-Cyberprotect solution offers managed security that protects devices, data, and communications with expert support and a 24/7 security operations center. The stakes for SMEs are high: according to Gigas research, 60 percent of small businesses hit by a cyberattack shut down within six months. The average cost per incident exceeds 75,000 euros, yet only 38 percent of organizations have active monitoring in place. Gigas finished 2025 with revenues of 75.6 million euros and adjusted EBITDA of 16 million, meeting its targets. Operating cash flow jumped 40 percent to 19.7 million euros thanks to disciplined working capital management. The company has undergone internal reorganization, bringing in talent focused on customer relationships and sales, aiming to bring its strong technical capabilities to market more effectively.
The broader context matters. Cloud services are growing at 14 percent annually. Cybersecurity is expanding at 20 percent per year. Artificial intelligence is accelerating at over 30 percent. For companies with the right positioning and execution, the next five years look like a runway.
Citas Notables
Cybersecurity and high-margin services now represent roughly 40% of Prosegur's sales, compared to traditional surveillance work, which carries much thinner margins.— Analyst assessment of Prosegur's business mix
Cloud services grow at 14% annually, cybersecurity at 20%, and artificial intelligence at over 30%.— Market growth context cited by analyst María Mira
La Conversación del Hearth Otra perspectiva de la historia
Why does cybersecurity suddenly matter so much to investors in these three companies?
Because it's not a cost center anymore—it's a profit center. Margins on managed security services are two or three times higher than on traditional surveillance or basic IT work. These companies are shifting their revenue mix toward those higher-margin services.
But isn't cybersecurity a commodity? Can't any tech company offer it?
Not really. You need scale, 24/7 operations, deep expertise in compliance frameworks, and often physical infrastructure. Gigas has sovereign cloud certification. Prosegur has a security operations center and incident response teams. Izertis has consulting relationships with large enterprises. Those aren't easy to replicate.
The source mentions that 71 percent of Spanish companies have been attacked. Doesn't that mean the market is already saturated?
The opposite. It means the problem is widespread and urgent. Most companies still don't have adequate defenses. The average recovery time is 277 days—that's a massive operational wound. Companies are desperate to avoid that. Demand is still outpacing supply.
What's the risk here? What could go wrong?
Regulatory frameworks like NIS2 could change the rules faster than these companies can adapt. Competition from larger global players could intensify. And if the economy slows, companies might defer security spending. But right now, regulation is pushing spending up, not down.
Why is Gigas different from the other two?
Gigas is smaller and more specialized. It's built around sovereign cloud and SME protection. Izertis and Prosegur are larger, more diversified. Gigas is betting that data sovereignty and compliance will be the moat. It's a narrower play, but in a growing market.
What should someone watching these companies pay attention to?
Watch how much of their revenue comes from managed services versus one-time consulting or infrastructure sales. Watch their customer retention rates. And watch whether they're winning contracts in regulated sectors—banking, government, healthcare. That's where the real money is.