Cybersecurity as an engine of digital entrepreneurship

Informatec Digital » Resources » Cybersecurity as an engine of digital entrepreneurship

To talk about entrepreneurship today without talking about cybersecurity and privacy It's falling short. In an environment where companies are connected, automated, and supported by the cloud, the ability to continue operating normally in a digital world full of risks It has become a competitive advantage that is as powerful as it is difficult to measure. When everything is going well, no one thinks about security; but the day something goes wrong, everyone looks there.

This paradox explains why cybersecurity is often perceived as an expense and not as what it really is: a direct driver of growth, innovation, and business opportunitiesStartups and SMEs that understand this from the beginning can move faster, gain the trust of customers and investors, comply with increasingly demanding regulations, and take advantage of public programs that are injecting hundreds of millions of euros into the cybersecurity entrepreneurial ecosystem in Spain.

Cybersecurity as a silent competitive advantage

In many organizations, when security works, apparently Nothing headline-worthy happensThe systems are still running, the team is selling, producing, or serving customers as usual, and the feeling is that everything is going smoothly. This normalcy is precisely the true success of cybersecurity: a chain of processes, controls, and decisions that prevent technical incidents from escalating into business crises.

The problem arises when an attempt is made to justify the investment to management with the argument, "Look at the disaster that didn't happen." This way of measuring the value of safety forces us to talk about hypothetical negative scenarios and of avoided losses that are never seen, which makes it difficult to compete for budget against areas that can show sales, new customers, or products launched on the market.

Furthermore, this approach fuels a dangerous bias: if a company has survived for years with low investment in security, some managers conclude that “enough is enough.” However, cybersecurity risks They have a long, fat tailYears can pass without serious incidents… until a single attack has a devastating, even existential, impact on the business.

The key is to rephrase the question. Instead of “how do we prove that nothing bad has happened?”, it is more useful to ask “What does cybersecurity allow us to do that we otherwise couldn't do?"There, tangible issues arise such as being able to enter new, highly regulated markets, signing contracts with large clients that demand strict standards, ensuring continuous operations, or gaining competitiveness against less protected rivals."

From this perspective, security ceases to be a hindrance and becomes a facilitator: a necessary condition for innovating, scaling, and taking business risks in a controlled mannerIt's not just about avoiding losses, but about maximizing the company's room for maneuver in a hostile environment.

Harsh reality: SMEs, startups and the cost of a cyberattack

Small organizations face a daily contradiction: they have the fewest resources to invest in protection, but they are also the ones that more suffer the direct impact of a cyberattackThe digitization of processes, online sales, cloud-based productivity tools, and connected ERPs has dramatically increased their exposure surface without always having a correspondingly adequate security strategy.

The data is devastating: several studies indicate that in Spain, nearly 90% of companies have been affected by some cyber threat in 2024For an SME, the blow can be fatal: the average estimated cost of an attack is around €35.000, and approximately 60% of small businesses end up closing within six months of a serious incident. We're not just talking about ransomware ransoms, but also... data loss, production stoppages, service disruptions, or a breakdown in customer trust.

To make matters worse, attackers know that SMEs are easier targets than large corporations, which typically have dedicated teams, 24/7 SOCs, and more robust architectures. Thus, small businesses find themselves caught in the crossfire. They need to digitize to remain competitiveBut that same digitization exposes them to a level of risk that many have not yet internalized.

In sectors such as agriculture and livestock, manufacturing, automotive, energy, and tourism—especially relevant in regions like Castile and León—digitalization has led to a leap in efficiency, traceability, and quality. However, the hyperconnectivity of machinery, IoT sensorsERPs and logistics systems It also multiplies the attack vectors. An incident not only entails economic losses, but also damage to reputation, physical security, and even the supply chain.

Hence, cybersecurity has become a basic requirement for business continuity, on par with liquidity or access to talent. Being prepared for an attack is no longer optional.It makes the difference between managing a crisis with limited damage or facing a scenario of closure, regulatory fines and massive loss of customers.

INCIBE: a national pillar for digital trust

In this context, Spain has a top-tier strategic asset: the National Institute of Cybersecurity (INCIBE), headquartered in Castile and León. This public entity, under the Ministry for Digital Transformation and Public Administration, has established itself as a national benchmark in the development of cybersecurity and digital trust for citizens, businesses, the academic network, and strategic sectors.

In 2023 alone, INCIBE managed more than 83.000 cybersecurity incidentsOf these, more than 58.000 directly affected citizens and more than 22.000 affected businesses (including SMEs, micro-enterprises, and the self-employed). This represents a 24% increase compared to the previous year and reflects the constant escalation of threats. In Castile and León, for example, security problems were detected in 185.265 devices, with Valladolid being the most affected province.

INCIBE's mission is clear: to build a safer and more reliable digital environmentTo this end, it offers tools, resources and services ranging from incident management (through INCIBE-CERT) to formation programsAwareness campaigns and expert advice are offered. Their goal is for both businesses and citizens to integrate digital security into their daily lives, thereby reducing the likelihood of successful attacks.

A key element is the Cybersecurity Helpline 017, a national, free and confidential service available from 08:00 to 23:00, 365 days a year, aimed at citizens, businesses, professionals, minors and their environmentFrom basic inquiries to crisis situations, 017 acts as an accessible point of reference for any question or incident related to digital security.

In addition, INCIBE channels and implements numerous initiatives related to Recovery, Transformation and Resilience Plan (PRTR)Funded by Next Generation EU funds, these actions not only aim to reduce risks, but also to boost the cybersecurity industry, foster innovation, and strengthen the entrepreneurial ecosystem throughout the country.

RETECH Cybersecurity: territorial networks and leading projects

One of the major public policy instruments in this area is the initiative RETECH (Territorial Networks of Technological Specialization)Within the framework of the Digital Spain 2026 Agenda, RETECH coordinates regional projects aimed at digital transformation, ensuring coordination and collaboration between autonomous communities, and focusing on areas such as artificial intelligence, enabling technologies, digital health, FashionTech, GreenTech, RuralTech, digital entrepreneurship and, of course, cybersecurity.

The Government has mobilized more than 530 millones de euros of the Recovery Plan, promoting projects with high territorial and economic impact. Within this framework is RETECH Cybersecurity, a strategic initiative coordinated by INCIBE that will involve 17 autonomous communities, with a budget of 162 million euros. Its purpose is to comprehensively develop the Spanish cybersecurity ecosystem: capabilities, industry, R&D&I, and talent.

RETECH Cybersecurity is structured around six nodes, and Castile and León actively participates in node 1, with a budget of €31,7 million. Within this framework, the region is promoting the ARGOS project, which is focused on Strengthening cybersecurity in key sectors such as smart mobility and the aerospace industry, already leading digital transformation processes in these high value-added areas.

To coordinate these actions, an agreement has been signed between the Institute for Business Competitiveness of Castile and León (ICE) and INCIBE. The objective is to promote projects led by the region itself with a real impact on the economy and industry, and to foster the exchange of knowledge and experiences with other regionsthus promoting a more balanced and cohesive development throughout the territory.

This structure will connect with the Spanish National Community through the European Cybersecurity Competence Centre, where INCIBE acts as the National Coordination Centre (NCC-ES). In this way, The capabilities generated in the territories are integrated into a broader European strategy, strengthening Spain's digital sovereignty and competitiveness on the international stage.

INCIBE Emprende: Boosting Entrepreneurship in Cybersecurity

Cybersecurity is also one of the sectors with greater potential for employment and growth in the coming yearsAccording to the "Analysis and Diagnosis of Cybersecurity Talent in Spain," prepared by ONTSI and INCIBE, in 2021 there were 149.774 professionals dedicated to this field in Spain, with a talent gap exceeding 24.000 positions. The market reached almost €1.500 billion in 2020 and is estimated to reach €2.000 billion in 2024, with a compound annual growth rate of 8,12%.

This context has driven the creation of INCIBE EmprendeINCIBE is a specific program designed to support cybersecurity entrepreneurs and startups throughout the entire entrepreneurial cycle, from generating business ideas to incubation and acceleration. Between 2023 and 2026, INCIBE will collaborate with 35 public and private entities to implement various initiatives that will help integrate these projects into the Spanish digital economy.

The program has a budget of 64 million euros and is part of the National Cybersecurity Industry Promotion Program of the PRTR (component 15, investment 7). The focus is on strengthening the cybersecurity capabilities of citizens, SMEs and professionals, while promoting a solid business ecosystem, capable of competing within and outside our borders.

In the specific case of Castile and León, INCIBE Emprende has 17 collaborating entities and an investment of more than 10 billion eurosFurthermore, there is a well-established Alumni network, which brings together some of the most relevant cybersecurity startups on the national and international scene, creating a virtuous circle of talent, funding, collaboration and exchange of experiences.

For entrepreneurs, this translates into something very tangible: specialized support, access to mentors, training programs, visibility and connections with clients and investorsIn a sector as technical and regulated as cybersecurity, having this type of support can make the difference between remaining a good idea or becoming a viable and scalable company.

Acceleration programs: cybersecurity at the service of any startup

Beyond startups whose main product is cybersecurity itself, there is a growing need to support projects in any sector to integrate security from day one. An example of this is the program of Cybersecurity Acceleration for Startups designed by CEINWith a 100% strategic and business-oriented approach, specially designed for CEOs, whether or not they have a technical background.

This program selects a limited number of participants (up to a maximum of 10) and offers them an intensive itinerary that allows them to understand which risks are truly a priority in your caseanticipating the requirements of clients and investors and avoiding common mistakes that, in growth phases, often translate into technical overcosts, commercial delays or loss of opportunities.

The program begins with an individualized assessment in which each startup receives a comprehensive overview of its cybersecurity posture, conducted by an expert. This is followed by a week of intensive, hands-on group training focused on decisions that directly impact the business, customer relationships, and market demands.

The program is completed with individual strategic mentoringThese sessions are geared towards translating decisions into concrete plans. For startups that already have an internal technical team—or where the CEO is technical—additional mentoring hours focused on implementation are offered, thus closing the loop between business vision and technical execution.

The ultimate goal is for participating companies to leave with clear priorities and a realistic roadmapThis aligns with both their current situation and their growth strategy. It's not about turning all the founders into security experts, but rather about ensuring they know where to focus their efforts, what to demand from suppliers, and how to demonstrate maturity to clients, partners, and investors.

Innovation, R&D&I and digital sovereignty in cybersecurity

Another key element for cybersecurity to drive entrepreneurship is the firm commitment to R&D&I and technological sovereigntyCybercrime is an extremely lucrative business that invests aggressively in increasingly sophisticated attack techniques, tools, and models. To avoid always falling behind, it is essential to develop security solutions, services, and products that can meet these challenges.

Relying exclusively on third-party or foreign technologies puts us in a vulnerable position, both from a market perspective and in terms of digital sovereignty. For this reason, INCIBE has launched public calls for the development of university chairs and strategic projects in cybersecuritywith very clear objectives: to increase research capacity, stimulate the academic-business ecosystem and generate cutting-edge solutions in areas such as artificial intelligence or quantum technologies applied to security.

These endowed chairs aim to enhance cybersecurity capabilities and resources within universities, companies, and technology centers, fostering knowledge transfer to the productive sector. They are, essentially, spaces where highly specialized talent is trained While addressing real market challenges, strategic projects aim to tackle some of the biggest scientific and technological challenges associated with digital security head-on, promoting the practical application of the results.

These initiatives are integrated into the Global Security Innovation Program of the PRTR, also under component 15. In total, 72 agreements have been signed with universities to develop 50 strategic projects and 22 endowed chairs, with a budget exceeding 60 million euros, of which INCIBE contributes 75% with European funds. In Castile and León, 15 agreements have been formalized with a budget exceeding 11 million euros.

For innovative startups and SMEs, this ecosystem represents a valuable source of talent, lines of collaboration, and opportunities for technology transfer. The boundary between laboratory and market is shrinkingThis allows new security solutions to reach end customers faster and become competitive products on a global scale.

Public Procurement of Innovation: Real Traction for Cyber ​​Solutions

La Public Procurement of Innovation (CPI) It has become a key lever for boosting competitiveness and innovation within public administrations. In the field of cybersecurity, INCIBE has developed the IECPI (Strategic Initiative for Public Procurement of Innovation), which uses public demand for products, services, and supplies as a tool to implement national digital security policies and directly support industry.

This initiative is also part of the PRTR's Global Safety Innovation Programme, specifically within the milestones that aim to "Development of high value-added cybersecurity solutions and servicesIn practice, this means that INCIBE and other public actors launch calls seeking innovative solutions to specific security problems, funding their development and validation in real-world environments.

Currently, four calls for proposals for Public-Private Partnerships (PPPs) are underway, with a total volume exceeding €248 million, of which INCIBE is co-investing over €201 million. These actions have already resulted in 153 projects spread throughout the national territory17 of them in Castilla y León, with a contribution from INCIBE of close to 15 million euros.

For companies—especially technology-based companies and cybersecurity startups—PPI is a powerful traction tool: it not only provides funding, but also a reference public client with complex needsReal data and the ability to scale solutions to large scale. Successfully completing a CPI project opens doors to new markets, strengthens the company's credibility, and provides knowledge of the regulatory environment that is very difficult to obtain through other means.

In summary, strategic public procurement in cybersecurity acts as a sophisticated demand engine that pushes companies to to truly innovate, not just incrementally.And that competitive pressure, when properly channeled, generates products and services that can then compete successfully beyond our borders.

#INCIBEExperience: Cyber ​​culture for businesses and society

No cybersecurity strategy works if it ignores the human factor. That's why INCIBE has launched #INCIBEExperience, a set of awareness-raising actionsEducation, promotion and dissemination in cybersecurity that, for three years, will travel throughout Spain to reinforce confidence in the use of digital technologies.

This experience is aimed at three main audiences: businesses and professionals, the general public, and children along with their families and schools. The most striking format is a pop-up roadshow truck which travels throughout the country offering activities for all ages: escape rooms, online games, training modules, a tent with large-format board and floor games, and a booth linked to 017.

The goal is for anyone to be able to experiment with cybersecurity in an accessible, practical, and fun way, learning to protect their digital identity, devices, and personal information. At the events in which INCIBE participates, a... mobile modular stand with three distinct zones: informative, demonstrative and training, and gamification, with activities such as Kahoot!-type tests and micro-training.

Since its launch in 2023, #ExperienciaINCIBE has visited all the provinces of Castile and León: León, Zamora, Salamanca, Palencia, Valladolid, Segovia, Burgos, Soria, and Ávila. This widespread reach is important because it allows bringing cybersecurity culture to rural areas and medium-sized citieswhere there are also companies, self-employed individuals, educational centers and citizens exposed to digital risks.

For SMEs and entrepreneurs, these initiatives represent an accessible opportunity to train their teams, raise awareness among staff, and begin building a true cybersecurity culture without large investments. And that culture is, in the long run, one of the most valuable assets for reducing incidents and differentiating oneself as a reliable provider.

Cybersecurity as a catalyst for sustainable growth

In today's digital economy, cybersecurity has gone from being a purely technical element to becoming a strategic vector of innovation, resilience and competitive differentiationHyperconnectivity, the cloud, artificial intelligence, robotic process automation (RPA), and the industrial Internet of Things have multiplied the attack surface, so security is no longer an operating cost: it is an essential asset for meaningful innovation.

Digital transformation projects—migrations to multicloud architectures, DevSecOps environments, integration of AI into critical processes, adoption of Zero Trust, Confidential Computing, etc.—require that security be... embedded from the design stage (Security by Design) and from the early stages of the development cycle (Shift Left Security)Only in this way can extremely costly subsequent fixes be avoided, both in terms of time, money and reputation.

Organizations that demonstrate maturity in cybersecurity and regulatory compliance (ISO 27001, NIS2, ENS, GDPR, DORA) achieve a clear reputational and commercial advantageIn B2B and B2G markets, cybersecurity trust is now as important a selection criterion as price or quality. Contracts with major clients require evidence of security throughout the digital supply chain, independent audits, and risk-based governance models.

At the same time, the most advanced companies are betting on intelligent defense automation, with platforms that combine SIEM, XDR, SOAR, AI and cyber observability to Detect, prioritize, and respond to incidents in near real timeThis transforms security from something reactive and manual into a dynamic system, capable of learning, anticipating, and sustaining business continuity even in sophisticated attack scenarios.

All of this is part of a broader vision of cyber resilienceThe key here is not so much preventing every incident (which is impossible) as reducing detection, response, and recovery time, minimizing the financial and operational impact. Organizations that master this discipline not only suffer less, but can also afford to innovate more ambitiously, knowing that their security foundation and responsiveness have their backs.

Taken together, this entire constellation of public initiatives (INCIBE, RETECH, INCIBE Emprende, professorships, CPI, #ExperienciaINCIBE), advanced technological tools, and startup acceleration programs demonstrates that cybersecurity is no longer a hindrance or a mere mandatory cost, but a true engine of entrepreneurship and competitivenessIt allows you to open markets, attract investment, differentiate yourself to customers, create skilled jobs and, ultimately, sustain a robust, reliable digital growth model aligned with the demands of the next decade.