David Hoffman, Steed Family Professor, Duke University

Andy Kotz, Researcher, Duke University

Belisario Contreras, Coordinator, DigiAmericas Alliance

The LATAM CISO 2023 Cybersecurity Report provides insights from industry leaders regarding the level of cyber resilience among various organizations in the Latin American region. LATAM CISO is a multistakeholder and interdisciplinary network of cybersecurity professionals that aims to gather and coordinate input from members to shape the priorities ofcybersecurity in the Americas and strengthen their overall security posture. This report was created to identify gaps in security, as well as the needs andlimitations of organizations in Latin America that are preventing them from achieving a better stance against cyberattacks. The Latin American region suersmore than 1,600 cyberattacks a second, which is why it is imperative that organizations toughen their capabilities to protect themselves from this growing environment of cyberattacks and security risks. The report is intended to provide decision makers from both the public and private sectors with insights to help them understand their vulnerabilities and focus their efforts and resources on the areas within their country that need the most support. To this end, a survey was conducted among chief information security officers (CISOs) and other manager-level positions in 195 organizations from different sectors of all sizes. Among those surveyed, 21% work at a small organization(1–100 employees), 24% work at a medium organization (100–999 employees), and 56% work at a large organization (over 1,000 employees). The most heavily represented industries were financial services (24%), government (23%), and professional services (10%). Over 70% of respondents reported that the number of cyberattacks on their organization has increased from the previous year, demonstrating that despite increased cybersecurity efforts, the attacks are persisting. The report begins with an assessment of organizations’ budgets, types of attacks, number of attacks, risk assessment frequency, multi-factor authentication (MFA) deployment, security awareness trainings, and other factors that affect the cybersecurity capabilities of organizations. The report concludes with a set of recommendations that will contribute to improving cybersecurity and resilience in the Latin American region. The recommendations focus on each data collection category and suggest actions based on the indings. For example, the data collected demonstrate inadequate investment in regular security risk assessment. An increase in governmental campaigns to create cybersecurity frameworks requiring organizations to conduct risk assessments more frequently can enable the identification of vulnerabilities. This report will enable organizations to thoroughly examine their cybersecurity capabilities and understand the next steps needed to increase their resilience against attacks. Overall, the report found that while efforts are being made to fortify cyber capabilities, threats continue to persist. Consequently, organizations must continue to pay more attention to their vulnerabilities and how they can address them.




LATAM CISO & Duke University

Read Next

Prioritizing cybersecurity for state government: How a ‘whole of government’ approach benefits all

As cybersecurity concerns are front and center for state technology leaders, some jurisdictions are looking at a "whole of government" approach that would enable them to help locals and school districts.

Report: How a ‘whole of government’ approach to cybersecurity can help states

A look at how a "whole of government" Approach to cybersecurity can help states, locals and school districts.

Center for Cybersecurity Policy and Law Launches Initiatives To Support Detection and Remediation of Security Vulnerabilities

Hacking Policy Council and Security Research Legal Defense Fund Will Advance Security Research Protections and Awareness