In an ecosystem where digital assets are the engine driving the global economy, the speed at which information can be stolen and traded on illicit markets dramatically reduces the options for recovery after a cyberattack. Facing this scenario of systemic vulnerability, Hiscox’s 2025 Cyber Readiness Report notes that 94% of Spanish organizations plan to increase their cybersecurity investments this year.
To gauge the scale of the challenge, the insurance company analyzes five of the most representative cases, which illustrate the evolution of cyberattacks and underscore the urgent need to adopt comprehensive protection strategies:
Ashley Madison Reputational Sabotage
In 2015, the hacktivist group The Impact Team demanded the shutdown of the dating site Ashley Madison, arguing that it deceived users about discretion and confidentiality. When the company refused, they leaked 60 GB of sensitive information from 32 million users – including names, photos, and sexual preferences. Beyond the $11 million in settlements, the attack sparked an unprecedented social crisis with massive divorces and extortion.
This kind of reputational damage is particularly critical today because, according to the report, 34% of Spanish companies identify loss of trust after a cyberattack as one of their top risks.
The Equifax Patch Failure and the Weight of the Human Factor
In 2017, a critical vulnerability in the popular open-source Apache Struts framework – previously warned about by the U.S. Department of Homeland Security – was not patched in time by Equifax’s system administrator, one of the nation’s leading credit bureaus. This operational negligence allowed the exposure of financial data and Social Security numbers of 147 million people, resulting in more than $1.4 billion in settlements and fines.
The Wirecard Collapse for Financial Fraud
In 2020, through manipulation of digital documents and fictitious transactions, the management of the German fintech Wirecard simulated the existence of €1.9 billion in corporate balances, evading audit controls for years until triggering a €13 billion drop in market value. The financial loss arising from fraud via misappropriation of payments remains the most frequent consequence, affecting 53% of companies, compared with 55% in 2024 and 38% in 2023, according to the same report.
CrowdStrike and the Domino Effect of External-System Failures
In 2024, a coding error in a routine update to CrowdStrike’s Falcon software caused global Windows devices to crash, affecting critical sectors such as aviation, healthcare and banking. The incident is estimated to have impacted 8.5 million devices and to have cost up to $5.4 billion for Fortune 500 companies. This episode highlights the growing reliance on technology vendors and the risk tied to the supply chain, already deemed the main exposure vector by 33% of Spanish organizations, according to the same report.
Ransomware Attack on Cencora
Also in 2024, the criminal group Dark Angels managed to infiltrate Cencora’s systems for weeks, exfiltrating 100 terabytes of medical and personal data from millions of patients and from the world’s largest pharmaceutical companies. After initially demanding $150 million, the company ultimately paid a Bitcoin ransom of $75 million. Ransomware remains a persistent threat: in Spain, it affects 31% of SMEs, according to the same report. However, paying does not guarantee full data recovery, as only 57% of organizations that pay manage to fully restore their data.
“In light of the magnitude of these incidents, insurance protection has ceased to be a one-off option and has become a structural necessity within business management. With CyberClear 360º, we are driving a solution that offers full coverage and immediate expert response. Our policy ensures that the investment of companies not only covers own damages, but also safeguards business continuity in crises that, as we have seen, can threaten the survival of any organization,” said Hiscox Spain.
