A new report shows the growing impact cyberattacks have on Latin American economies. Governments and organizations can do more. Credit: Gorodenkoff / Shutterstock For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. More than 200 CISOs in the Americas region, in addition to the Inter-American Development Bank (IDB), Latin American Federation of Banks (FELABAN), and the World Economic Forum (WEF), contributed to the report. Duke University conducted the survey.The 2023 LATAM CISO Report offers different cybersecurity perspectives of industry leaders in Latin America. The report was created to identify gaps in security and the needs and limitations of organizations in Latin America that are preventing them from better securing themselves against cyberattacks. This document presents findings from a survey of leaders throughout the Latin American region. It provides guidelines and recommendations for creating public policies to develop and strengthen cyber capabilities.LATAM cyberattacks increasingMore than 1,600 cyberattacks are reported in Latin America per second, making cyberattacks one of the fastest-growing security problems in the area. The data collected in the report reveals that the economic damages of cyberattacks could exceed 1% of some countries in the Americas’ GDP and rise to 6% if critical infrastructures are attacked. Additionally, only seven of 32 countries analyzed by the Inter-American Development Bank (IDB) have plans to protect their critical infrastructure from such attacks, and only 20 have computer emergency response teams (CSIRTS). Major findings of the report include that more than 70% of respondents said that the number of attacks on their organization has increased from the previous year. It highlights phishing and ransomware as some of the most prominent cyberattacks facing this region and concludes with recommendations on constructing public policies to address these rising threats. Many organizations take the increasing threat of zero-day attacks seriously, and room for growth remains. Over half of all organizations (60.83%) perform security risk assessments only at least once a year (33%) or at least twice a year (28%). LATAM CISOs reported that patches were applied within 30 days (29%) or 60 days (26%).Over 50% of respondents reported providing security awareness training monthly (26%) or quarterly (25%), with others doing so at least twice a year (18%) or once a year (22%). Only 8% reported a complete lack of security awareness training. When asked about C-level executives, 47% of respondents believed those executives had a “moderate awareness and knowledge of strategic cybersecurity issues,” and 41% believed they have “enough awareness.” New approach to cybersecurity budgets, frameworks neededThe report also highlights many areas that require more focus from governments, such as budgets, patching, and multi-factor authentication. Developing customized approaches to budgets can ensure that citizens and businesses have the right assistance to protect their data and networks. Additionally, governments should promote the creation of cybersecurity frameworks that require organizations to conduct ongoing vulnerability testing and manage government funds for conducting such assessments. Cybersecurity operations should take an approach that combines security operations with technology, improving visibility, orchestration capabilities, and operational feedback to build up cyber resilience.It is the hope that this report enables organizations to thoroughly examine their cybersecurity capabilities and understand what next steps to take to increase resiliency against attacks. The LATAM CISO Report 2023 found that while efforts are being made to strengthen capabilities, the threats persist at concerning rates. Organizations and governments must continue to pay more attention to their vulnerabilities and take proactive steps to address them.Belisario Contreras is senior director, global security & technology strategy at Venable LLP. The views expressed in this article are those of the author alone and not of his employer. Related content news analysis SEC rule for finance firms boosts disclosure requirements Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. By Evan Schuman May 17, 2024 5 mins Data Breach Financial Services Industry Data Privacy feature DDoS attacks: Definition, examples, and techniques Distributed denial of service (DDoS) attacks have been part of the criminal toolbox for over twenty years, and they’re only growing more prevalent and stronger. By Josh Fruhlinger May 17, 2024 10 mins DDoS Cyberattacks news FCC proposes BGP security measures Protecting the Border Gateway Protocol is as important as protecting the border. By Gyana Swain May 17, 2024 1 min Regulation Network Security feature Cyber resilience: A business imperative CISOs must get right With ransomware at an all-time high, companies need to understand that being cyber resilient means going beyond compliance to considering all aspects of a business, from operational continuity to software supply chain security. By Andrada Fiscutean May 16, 2024 12 mins Regulation Incident Response Supply Chain PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe