Cyber risk dominates
29% selected cyber risk – data breaches, criminal threats and widespread outages – as their top risk concern up from 27% in 2025.
Cyber risk is now the number one threat concern for the Spanish executives we surveyed. What was once seen as an IT problem has become a serious business risk, with the potential to disrupt operations, damage reputations and spread across supply chains with lasting impact.
Our tracking of Spain-based executives shows strong concern about cyber risk, but also high confidence in existing resilience measures.
Many believe they would recover fully - financially and reputationally - after a cyber incident. In reality, this confidence is likely to be misplaced.
Cyber criminals are increasingly using AI driven tools to run fast, large scale phishing and reconnaissance attacks. These automated systems exploit the connected nature of modern technology, making attacks quicker and harder to detect or contain. As a result, cyber threats are escalating across organisations, regardless of their size or sector, with less warning and greater consequences.
Resilience today must be built into everyday business planning, not treated as a one-off exercise. Organisations need clear, well tested business continuity plans that allow them to respond quickly and effectively to cyber incidents.
Planning should also consider the real cost of an attack. This includes understanding how much financial impact the business can absorb, what cyber insurance is in place, where cover may be limited, and where controls or processes have gaps. Without this clarity, recovery will be slower, more expensive and more disruptive.
Source: Beazley Risk & Resilience Surveys.
Cyber risk remains Spanish executives’ most persistent concern. They predict an improving outlook for technology disruption risk, falling from 27% in 2024 to 21% in 2026. Meanwhile, executives anticipate continued exposure to technology obsolescence and rising intellectual property risk, signalling growing strategic and innovation related pressures.
Spanish executives report strong perceived resilience in 2026, with preparedness exceeding 80% across all risk areas. Confidence is highest for technology obsolescence and disruption risk (both 84%), while cyber resilience remains robust at 83%. Although easing from 2025 peaks, overall readiness remains high, suggesting sustained confidence in organisational preparedness.
For Spain-based executives, resilience planning is clearly technology-led. AI investment is the top priority, signalling a strong focus on innovation-driven resilience. They are also planning to invest in cyber security, insurance and risk management reflecting a broad, proactive approach to managing digital and operational risks.
Risk concern varies by company size. Large organisations express higher concern overall, particularly for cyber and IP risk, reflecting greater exposure and organisational complexity. Smaller organisations report lower concern across most risks, except technology obsolescence, where elevated anxiety for large firms highlights the risks of running legacy systems and the capital resources required to upgrade them.
Perceived preparedness is consistently higher among large organisations across all four technology risk areas. Confidence gaps are most pronounced for cyber risk and IP risk with SMEs reporting notably lower preparedness overall, potentially reflecting more limited resources, governance immaturity and lower investment capacity.
SMEs appear more concerned about long-term business disruption and contractual claims, reflecting their greater financial fragility. Larger organisations place greater emphasis on data loss, regulatory fines and reputational damage, highlighting heightened compliance exposure, stakeholder scrutiny and brand related risk.
Financial Institutions and Professional Services firms report the highest levels of cyber risk concern alongside moderately high preparedness, suggesting perceived exposure exceeds confidence.
Public Sector and Education combine low concern with exceptionally high preparedness, while Construction shows comparatively weak readiness.
Overall, the results point to rising cyber concern but a stronger sense of preparedness, potentially indicating overconfidence in resilience, particularly in sectors rating both risk and readiness highly.
Across sectors, the Public Sector and Education lead resilience investment planning, particularly in AI and cyber security. Financial and Professional Services and Healthcare also prioritise these areas. Manufacturing takes a balanced approach across insurance and risk management, while Hospitality and Transport show lower levels of planned investment in cyber resilience measures.