David Hoffman, Steed Family Professor, Duke University

Andy Kotz, Researcher, Duke University

Belisario Contreras, Coordinator, DigiAmericas Alliance

The LATAM CISO 2023 Cybersecurity Report provides insights from industry leaders regarding the level of cyber resilience among various organizations in the Latin American region. LATAM CISO is a multistakeholder and interdisciplinary network of cybersecurity professionals that aims to gather and coordinate input from members to shape the priorities ofcybersecurity in the Americas and strengthen their overall security posture. This report was created to identify gaps in security, as well as the needs andlimitations of organizations in Latin America that are preventing them from achieving a better stance against cyberattacks. The Latin American region suersmore than 1,600 cyberattacks a second, which is why it is imperative that organizations toughen their capabilities to protect themselves from this growing environment of cyberattacks and security risks. The report is intended to provide decision makers from both the public and private sectors with insights to help them understand their vulnerabilities and focus their efforts and resources on the areas within their country that need the most support. To this end, a survey was conducted among chief information security officers (CISOs) and other manager-level positions in 195 organizations from different sectors of all sizes. Among those surveyed, 21% work at a small organization(1–100 employees), 24% work at a medium organization (100–999 employees), and 56% work at a large organization (over 1,000 employees). The most heavily represented industries were financial services (24%), government (23%), and professional services (10%). Over 70% of respondents reported that the number of cyberattacks on their organization has increased from the previous year, demonstrating that despite increased cybersecurity efforts, the attacks are persisting. The report begins with an assessment of organizations’ budgets, types of attacks, number of attacks, risk assessment frequency, multi-factor authentication (MFA) deployment, security awareness trainings, and other factors that affect the cybersecurity capabilities of organizations. The report concludes with a set of recommendations that will contribute to improving cybersecurity and resilience in the Latin American region. The recommendations focus on each data collection category and suggest actions based on the indings. For example, the data collected demonstrate inadequate investment in regular security risk assessment. An increase in governmental campaigns to create cybersecurity frameworks requiring organizations to conduct risk assessments more frequently can enable the identification of vulnerabilities. This report will enable organizations to thoroughly examine their cybersecurity capabilities and understand the next steps needed to increase their resilience against attacks. Overall, the report found that while efforts are being made to fortify cyber capabilities, threats continue to persist. Consequently, organizations must continue to pay more attention to their vulnerabilities and how they can address them.




LATAM CISO & Duke University

Read Next

Cyberspace Solarium Commission 2.0 with Mark Montgomery (DCP S2 E1)

In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Mark Montgomery, Senior Director and Senior Fellow at the Foundation for the Defense of Democracies.

Cybersecurity Coalition Announces CyberNext Brussels

The Cybersecurity Coalition has announced the inaugural CyberNext Brussels conference taking place March 21 at the Stanhope Hotel Brussels.

EU’s Digital Markets Act Puts the Security Onus on Mobile Users

In our latest paper, we discuss the impact of the EU’s mobile app store provisions of the Digital Markets Act, which requires mobile operating systems open up more options for users to install apps, potentially also adding security threats.