With digitalisation becoming increasingly prevalent, cybersecurity is emerging as a key element in both preventing and responding to ever more sophisticated threats. The implementation of the NIS2 Directive marks a turning point in the approach to cybersecurity in Europe, redefining obligations, responsibilities and standards for organisations and strategic sectors.

Against this backdrop, APD Talks hosted the session “The new cybersecurity roadmap in Spain”, where the key aspects of this new regulatory framework were analysed, along with its real impact on businesses and public administrations, and the challenges posed by its practical implementation. The session featured the participation of Joan Puig, Chief Information Security Officer (CISO) at Banco Sabadell, alongside other industry professionals.

 

Resilience: The Cornerstone of the NIS2 Directive

During the session, it was highlighted that this regulation will apply to thousands of medium and large Spanish companies. NIS2 establishes the obligation to adopt measures in two main directions:

  1. Incident prevention: strengthening entry barriers.
  2. Operational resilience: the ability to respond to and recover from a cyberattack.

This approach broadens the traditional scope of security, positioning resilience as a strategic element for business continuity.

The Financial Sector and the DORA Regulation

The financial sector already operates under a high level of regulation. Cybersecurity and digital resilience requirements have been mandatory since January 2025 under the DORA Regulation. However, it is essential to remember that security is a shared responsibility affecting companies, institutions and suppliers alike, reinforcing risk management across the entire value chain.

 

Towards a Safer Digital Society

The positive impact of extending these measures to other sectors was emphasised as a step towards a more secure digital society. Throughout the session, critical issues were discussed, including:

  • The role of cybersecurity in strategic decision-making.
  • The value of specialist firms within the business ecosystem.
  • The importance of embedding security into organisational culture.

In this new context, having well-prepared professionals is essential. At Banco Sabadell, we are committed to developing capabilities that enable us to anticipate the challenges of the digital environment, investing in technological talent and a culture of continuous improvement.