In our most recent edition of Digital Talks, we addressed a highly relevant topic for the financial sector and society at large: cybersecurity. Digital transformation has opened the door to new opportunities, but it has also increased technological risks. In this context, protecting data and digital assets becomes a strategic priority.

At Banco Sabadell, we take on this challenge with a solid strategy based on three fundamental pillars: protect, detect and respond. This approach allows us to act proactively in an increasingly sophisticated environment of cyberattacks.

 

Three pillars against technological risk

Cybersecurity does not depend on a single system or one-off solution. It is a comprehensive framework built on three well-defined fronts.

  • Protection: we implement barriers to prevent unauthorised access, such as firewalls, strong passwords, access policies and network segmentation. The goal is to stop the attacker from breaking in.
  • Detection: if someone does manage to get past those barriers, it is crucial to identify them as quickly as possible. Here, technologies based on artificial intelligence come into play, capable of detecting unusual patterns and anticipating threats.
  • Response: once an intrusion has been identified, we activate protocols that contain the incident, isolate the attack and restore systems as quickly as possible. Recovery capacity is essential to ensure operational continuity and maintain customer trust.

Over time, we have increased technological investment, but we have also strengthened another key area: people’s training and awareness.

 

Continuous training and a cybersecurity culture

The weakest link in any system is still the human element. That is why, at Sabadell Digital, we promote a culture of active prevention at all levels.

  • All staff receive mandatory training in cybersecurity.
  • We run awareness campaigns for employees and customers, tailored to current threats.
  • From the very start of each new development, we incorporate the principle of security by design, integrating security as part of the design rather than as an added layer.

As Rüdiger Schmidt, CTO of Banco Sabadell, stated during the session: “The greatest enemy of cybersecurity is complacency”. This is why we are committed to a mindset of continuous improvement, evolving at the pace of emerging threats.

 

Fraud and scams: why is it important to distinguish them?

One of the most revealing aspects of the talk was the distinction between fraud and scams. Although the terms are often used interchangeably, they refer to different situations that require specific responses.

  • Fraud: the attacker impersonates the customer without their knowledge. Using techniques such as “man-in-the-middle”, the criminal inserts themselves into the communication between the bank and the user to act on their behalf.
  • Scam: in this case, the customer carries out an operation under false pretences, deceived by social engineering techniques such as phishing emails or SMS. The attacker does not impersonate them but instead manipulates the user emotionally so they act against their own interests.

Correctly identifying the type of attack allows us to design more effective solutions and educate customers in the right way to prevent similar situations.

 

Prepared for the most demanding scenarios: operational resilience

The best defence against the unexpected is being prepared. At Sabadell Digital, we have reinforced our infrastructure to deal with critical situations such as ransomware attacks or large-scale service disruptions.

  • We have redundant data processing centres synchronised in real time.
  • We apply specific protocols for the rapid recovery of critical data.
  • We regularly carry out simulations to test our systems and improve our response capacity.

These measures form part of a strategy designed to ensure business continuity even in adverse conditions. It is not only about resisting attacks but also about guaranteeing that the bank can continue to operate as normal.

 

Cybersecurity as a shared responsibility

Digital security is a collective commitment. The bank, employees and customers are all part of the same ecosystem and share responsibility for protecting it. This is why, at Sabadell Digital, we work to integrate cybersecurity into every process, product and decision.

Investing in technology is essential, but it is not enough. We also need to foster a vigilant attitude and an organisational culture focused on continuous learning. In a constantly evolving digital world, adapting is not an option: it is a necessity.