BBVA, the most transparent Ibex 35 company in cybersecurity

The 4th Cybersecurity Transparency Report, published by Watch & Act, ranks the top-performing Spanish companies according to the clarity and completeness of the information they disclose on cybersecurity. It does this by comparing publicly available information on the main Ibex 35 companies, including corporate governance reports and non-financial information.

In this report, BBVA earned the highest score, clearly illustrating that cybersecurity is a key part of its digital strategy. Not only did BBVA obtain the maximum score possible in each of the 14 aspects evaluated, it also earned an additional point for the clarity, accessibility and visibility of its information.

The assessment criteria used in the ranking address aspects such as organizational performance, the involvement of senior management, the level of reporting of the function, or the existence of a cybersecurity policy. Cybersecurity assets and programs are also assessed, including the uptime of a cybersecurity operations center, the main projects underway or the volume of investment made in this regard. When it comes to regulatory compliance, the existence of certifications showing that employees follow good practices is viewed positively. Last but not least, in relation to cybersecurity events, the volume of incidents and the impacts they have caused are analyzed.

Cybersecurity, more than just a legal obligation

This report illustrates the importance of cybersecurity as part of business strategy and as a key defense in making the economy more stable. Notably, in the risk outlook published by the Davos Forum (World Economic Forum) for 2024, cybersecurity is one of the top 10 threats to the global economy, on a par with inflation, armed conflict and economic recession. This general concern is reflected in the proliferation of law and regulations devoted to cybersecurity, such as NIS2 or DORA, which aim to improve the overall level of online security, and also in the increasing involvement of top management in matters of issues.

In relation to transparency in cybersecurity, the report highlights how regulators, both European and Spanish, are busy promoting transparency in risk reporting. This thrust towards cybersecurity is reflected in Directive 2014/95/EU of the European Parliament and of the Council, as well as in Spanish Law 11/2018, on the publication of non-financial information among companies.

According to Begoña García, Global Head of Cybersecurity Awareness & Culture at BBVA, “Cybersecurity is not only a key pillar to protect organizations, but also an essential tool in building confidence among our customers and investors. Cyber-risks are now one of the biggest global threats, and our commitment is not just to strengthen security, but also to communicate it in a clear and accessible manner. This not only builds trust, but also makes organizations stronger and more sustainable in today’s digital landscape.”

In short, the report highlights the progress made toward transparency compared with the previous edition, especially in terms of the involvement of senior management and information on the control of risks in the supply chain. At the sector level, the financial industry now leads the ranking, having overtaken the telecoms sector.