Cybersecurity

We have a strategic information security plan that seeks to keep the bank at the forefront of information protection, according to the best market standards.

At CaixaBank, we have the most innovative technology to prevent and detect cyberattacks, ensuring at all times the confidentiality, integrity and availability of information of our company, customers and employees. We work under the strictest safety standards, a requirement that has been acknowledged with a rating above the average of our competitors. 

We participate in various exercises in which a series of tests are conducted to assess our cybersecurity capabilities, consistently ranking among the top positions in the banking sector in Spain.

In 2024, for the second consecutive year, we achieved the highest score in Information Security / Cybersecurity and Systems Availability in the DJSI report.

Security, our priority

Our team is committed to information security, complying with both the legal and regulatory requirements in force, and with the NIST Cybersecurity Framework, the most advanced security framework.

Reinforcing our commitment to cybersecurity with international best practices

We demonstrate a firm commitment to cybersecurity by adopting the highest international standards. Proof of this is that we have been one of the first entities to obtain the ISO/IEC 27001 certification, one of the most globally recognised in information security management.

The scope of this certification covers our corporate cybersecurity activities as a Group, managed by a highly qualified team. This specialised equipment is distributed in different physical locations, which allows guaranteeing the comprehensive protection of all the operations carried out, regardless of the place from where they are executed. In this way, we consolidate a solid and resilient infrastructure, capable of meeting the challenges of today's digital environment, ensuring the trust of our customers and the integrity of our services.

In 2024 we have also obtained the certification in the National Security Scheme (ENS) for the information systems that support the payment gateway service by card (virtual and physical ATM), offered on a recurring basis to the public administration. This certification has been granted in accordance with the current system categorisation, currently in the middle category, and further strengthens the confidence in the soundness of our technological systems in the face of possible threats.

In addition, we have successfully passed the processes required to be part of the CSIRT (Computer Security Incident Response Team), as well as the FIRST (Forum Of Incident Response And Security Teams) international forum. These distinctions support our operations and guarantee a safer, more resilient and more aligned environment with the highest international standards.

As one of the leading banks in innovation and cybersecurity, in 2024 we will continue to participate in the following projects at the European level in the development of cybersecurity capabilities:

	AI4CYBER: artificial Intelligence app to improve anomaly detection and infrastructure protection.
	ATLANTIS: improve response and coordination between critical infrastructure operators to large-scale attacks or incidents.
	GREEN DATA AI: improve the efficiency of Fraud Detection systems with AI tools.
	EMERALD: transform the concept of continuous assessment and certification of cloud-based services into a complete scheme for Certification as a Service (CaaS).
	NG-SOC: generate tools and services that improve SOC (Security Operations Center) capabilities.
	INTERSOC: generate tools and services that improve SOC (Security Operations Center) capabilities.
	PIQASO: develop optimized and operational implementations for a set of cryptographic algorithms and post-quantum protocols, the encapsulation of keys, digital signatures, key exchange (authenticated), among others.
	REWIRE: certification of capabilities for professionals dedicated to cybersecurity in the European financial field.