A new report shows the growing impact cyberattacks have on Latin American economies. Governments and organizations can do more. Credit: Gorodenkoff / Shutterstock For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. More than 200 CISOs in the Americas region, in addition to the Inter-American Development Bank (IDB), Latin American Federation of Banks (FELABAN), and the World Economic Forum (WEF), contributed to the report. Duke University conducted the survey.The 2023 LATAM CISO Report offers different cybersecurity perspectives of industry leaders in Latin America. The report was created to identify gaps in security and the needs and limitations of organizations in Latin America that are preventing them from better securing themselves against cyberattacks. This document presents findings from a survey of leaders throughout the Latin American region. It provides guidelines and recommendations for creating public policies to develop and strengthen cyber capabilities.LATAM cyberattacks increasingMore than 1,600 cyberattacks are reported in Latin America per second, making cyberattacks one of the fastest-growing security problems in the area. The data collected in the report reveals that the economic damages of cyberattacks could exceed 1% of some countries in the Americas’ GDP and rise to 6% if critical infrastructures are attacked. Additionally, only seven of 32 countries analyzed by the Inter-American Development Bank (IDB) have plans to protect their critical infrastructure from such attacks, and only 20 have computer emergency response teams (CSIRTS). Major findings of the report include that more than 70% of respondents said that the number of attacks on their organization has increased from the previous year. It highlights phishing and ransomware as some of the most prominent cyberattacks facing this region and concludes with recommendations on constructing public policies to address these rising threats. Many organizations take the increasing threat of zero-day attacks seriously, and room for growth remains. Over half of all organizations (60.83%) perform security risk assessments only at least once a year (33%) or at least twice a year (28%). LATAM CISOs reported that patches were applied within 30 days (29%) or 60 days (26%).Over 50% of respondents reported providing security awareness training monthly (26%) or quarterly (25%), with others doing so at least twice a year (18%) or once a year (22%). Only 8% reported a complete lack of security awareness training. When asked about C-level executives, 47% of respondents believed those executives had a “moderate awareness and knowledge of strategic cybersecurity issues,” and 41% believed they have “enough awareness.” New approach to cybersecurity budgets, frameworks neededThe report also highlights many areas that require more focus from governments, such as budgets, patching, and multi-factor authentication. Developing customized approaches to budgets can ensure that citizens and businesses have the right assistance to protect their data and networks. Additionally, governments should promote the creation of cybersecurity frameworks that require organizations to conduct ongoing vulnerability testing and manage government funds for conducting such assessments. Cybersecurity operations should take an approach that combines security operations with technology, improving visibility, orchestration capabilities, and operational feedback to build up cyber resilience.It is the hope that this report enables organizations to thoroughly examine their cybersecurity capabilities and understand what next steps to take to increase resiliency against attacks. The LATAM CISO Report 2023 found that while efforts are being made to strengthen capabilities, the threats persist at concerning rates. Organizations and governments must continue to pay more attention to their vulnerabilities and take proactive steps to address them.Belisario Contreras is senior director, global security & technology strategy at Venable LLP. The views expressed in this article are those of the author alone and not of his employer. Related content news Singing River ransomware attack now thought to have affected over 895,000 The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack. By Shweta Sharma May 15, 2024 4 mins Data Breach Ransomware brandpost Sponsored by Sans Institute Clock is ticking for companies to prepare for EU NIS2 Directive Many companies are still not ready for the impact of NIS2, but SANS can help them prepare. By Laura McEwan May 15, 2024 3 mins Security feature Backlogs at National Vulnerability Database prompt action from NIST and CISA A crisis at the key US service for ranking vulnerabilities has been fueled by short resources and an explosion of security flaws as the volume of software production increases. By John Mello Jr. May 15, 2024 10 mins Threat and Vulnerability Management Security Practices Vulnerabilities news FBI warns Black Basta ransomware impacted over 500 organizations worldwide CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting. By Lucian Constantin May 14, 2024 6 mins Ransomware Phishing Healthcare Industry PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe