On 28 October, Banco Sabadell held a new edition of its Cyberday, an event that brought together hundreds of in-person attendees along with colleagues joining online. The day was split into two parts: the morning focused on technological collaboration and the bank’s security strategy; the afternoon was dedicated to raising awareness of the human factor, our first line of defence against fraud and scams.

 

Security through strategy and technological collaboration

The day opened with remarks from Joan Puig, Head of Information Security, who emphasised the shared responsibility of safeguarding the bank’s assets:

“Protecting information is everyone’s job at Banco Sabadell. Our area coordinates and supports, but we cannot protect the bank on our own.”

He was followed by Marc Segarra, Director of Security Strategy, who outlined his team’s mission: anticipating security needs in the products and services the bank provides to customers, suppliers and employees. He highlighted the evolution of their involvement in projects, encouraging collaboration from the outset, jointly defining designs and solutions and addressing risks from the earliest stages.

Later, Jorge Pardeiro and Nicolás Pérez, from the Security by Design and Security Assessment teams, delved into the security controls and requirements set out in the Digital Banking Blue Book. They stressed the importance of safeguarding mobile and web channels, including multi-factor authentication (something you know, something you are, and something you have), fraud-detection tools and secure session and token management.

The morning wrapped up with a session on the future of cryptography featuring Gonzalo Brandon, Román Ramírez and Álvaro Herrera. They discussed the risks that quantum computing poses to current cryptographic standards and the bank’s crypto-agility strategy, which will enable the transition to algorithms resistant even to quantum computers, such as the NIST-standardised Kyber and Dilithium.
“We are committed to agile cryptography that lets us switch algorithms quickly whenever needed, ensuring the security of our customers and services,” Herrera noted.

 

Awareness against fraud and scams: our first shield

The afternoon session, under the theme “Protection starts with you”, focused on the risks that fraud and scams present to employees, customers and suppliers.

Elena Carrera, Chief Operating and Technology Officer, pointed out that 70% of cybersecurity incidents are linked to fraud or scams, underscoring that protecting people must be the priority. The bank invests €35 million per year in cybersecurity and has over 100 specialists dedicated to safeguarding its systems.

Ponentes en el evento Ciberday 2025

 

Alfonso Martínez, from the Advanced Cybersecurity Assessment team, demonstrated the increasing sophistication of social-engineering attacks such as “vishing” and the use of deepfakes. He showed how readily accessible AI tools can be used to clone a voice and how the bank conducts simulated exercises to train employees to detect such attacks.

The fraud prevention and management team, Víctor López, David Armengol and Carlos Manzano, presented the main types of scams:

  • Investment scams: promises of high returns with little risk, causing the greatest financial losses.
  • CEO fraud: impersonation attacks used to trick employees into making urgent transfers.
  • Fake job offers: victims unknowingly acting as “money mules”, receiving and transferring funds.

The experts highlighted the importance of identifying and preventing mule accounts, which act as the link between fraud and money laundering.

“Pause, think, and act safely. This is the most effective way to protect ourselves and those around us,” emphasised David Armengol.

Sub-Inspector José Ángel Merino, from the Criminal Investigation Division of the Mossos d’Esquadra, provided criminological data: every day, 300 new victims of scams are reported in Catalonia, yet only about 9% of cases are resolved due to judicial overload and limited international cooperation. Merino warned of the inherent human vulnerability to deception:

“We must recognise that we are all susceptible to scams; it is part of human nature, and only knowledge can protect us.”

 

Technology and awareness for safer users

The day concluded with Joan Puig, who challenged attendees to combine the technological collaboration highlighted in the morning with the awareness-raising focus of the afternoon, with the aim of creating user experiences that make fraud easier to detect and strengthen the security of both customers and employees.

“Our commitment is clear: to continue designing safer systems and improving protection against scams, always placing our customers and our people at the heart of our decisions,” Puig said, closing a day that brought together innovation, strategy and human insight.