Caixabank (Go to Home)
Print pageCybersecurity
In 2025, the 2023–2025 Information Security Strategic Plan was closed, having achieved all its objectives, and the Cosmos Plan was launched, aimed at transforming the Group’s technological ecosystem.
During 2025, and within the framework of the Information Security Master Plan, initiatives were implemented to strengthen critical capabilities in digital identity, secure software development, data loss prevention, cybersecurity oversight of suppliers, promotion of cybersecurity culture, automation of identification, detection and response processes with adaptive AI capabilities, and the development of resilience plans against disasters or disruptive cyberattacks.
In 2025, we completed the 2023–2025 Information Security Strategic Plan (with over €90M invested in 2025, more than 30% above 2024) and launched the Cosmos Plan (2025–2030), aimed at transforming the Group’s technological ecosystem, including the information security domain.
Cybersecurity, our priority
Our team is committed to cybersecurity, complying with both the legal and regulatory requirements in force, and with the NIST Cybersecurity Framework, the most advanced security framework.
-
24/7 specialist team
-
International certifications such as official CERT
-
+€90 M
invested in cybersecurity -
97 % professionals
who took the security course
Reinforcing our commitment to cybersecurity with international best practices
In addition to security reviews, assessments of the lines of defense, inspections carried out by supervisory authorities, and audits conducted by third parties (such as SWIFT, IBERPAY, TARGET2, PCI, among others), as well as the annual financial audit that includes aspects related to information security, CaixaBank maintains internationally recognized information security certifications on an annual basis, such as ISO 27001, which certifies all the Group’s cybersecurity processes, including the CSIRT, and the National Security Scheme for the payment gateway that the Group provides to the public administration.
In addition, we are part of the CSIRT (Computer Security Incident Response Team), as well as the FIRST (Forum Of Incident Response And Security Teams) international forum. These distinctions support our operations and guarantee a safer, more resilient and more aligned environment with the highest international standards.
As one of the leading banks in innovation and cybersecurity, in 2025 we will continue to participate in the following projects at the European level in the development of cybersecurity capabilities:
 |
AI4CYBER: artificial Intelligence app to improve anomaly detection and infrastructure protection. |
 |
ATLANTIS: improve response and coordination between critical infrastructure operators to large-scale attacks or incidents. |
 |
GREEN DATA AI: improve the efficiency of Fraud Detection systems with AI tools. |
 |
EMERALD: transform the concept of continuous assessment and certification of cloud-based services into a complete scheme for Certification as a Service (CaaS). |
 |
NG-SOC: generate tools and services that improve SOC (Security Operations Center) capabilities. |
 |
INTERSOC: generate tools and services that improve SOC (Security Operations Center) capabilities. |
 |
PIQASO: develop optimized and operational implementations for a set of cryptographic algorithms and post-quantum protocols, the encapsulation of keys, digital signatures, key exchange (authenticated), among others. |
|
PQNEXT: to facilitate the transition to post-quantum cryptography (PQC) to ensure security against threats arising from quantum computing. |
|
VIGILANCE: to strengthen cybersecurity in European critical infrastructures through advanced monitoring, analysis, and response capabilities against emerging threats. |
|
CYBERAID: to increase the cyber resilience of critical infrastructures by developing an agentic AI-based infrastructure to coordinate cyber security tools. |
Launch of iSign
To fortify operational security, iSign has been introduced, a digital signature solution integrated into the CaixaBankNow app, providing an additional layer of protection and ensuring that only the account holder can authorise sensitive transactions. The transition from CaixaBank Sign to iSign represents a qualitative leap in customer experience, security, operational efficiency and technological modernisation.
iSign was awarded by Global Finance (best Finance Innovations in Europe 2025 – Western Region).
Accompanying our customers and employees by offering content in matters relating to cybersecurity is key for us, thus, through the Security space we offer tips on how to use our products and services securely and reliably.
