David Hoffman, Steed Family Professor, Duke University

Andy Kotz, Researcher, Duke University

Belisario Contreras, Coordinator, DigiAmericas Alliance

The LATAM CISO 2023 Cybersecurity Report provides insights from industry leaders regarding the level of cyber resilience among various organizations in the Latin American region. LATAM CISO is a multistakeholder and interdisciplinary network of cybersecurity professionals that aims to gather and coordinate input from members to shape the priorities ofcybersecurity in the Americas and strengthen their overall security posture. This report was created to identify gaps in security, as well as the needs andlimitations of organizations in Latin America that are preventing them from achieving a better stance against cyberattacks. The Latin American region suersmore than 1,600 cyberattacks a second, which is why it is imperative that organizations toughen their capabilities to protect themselves from this growing environment of cyberattacks and security risks. The report is intended to provide decision makers from both the public and private sectors with insights to help them understand their vulnerabilities and focus their efforts and resources on the areas within their country that need the most support. To this end, a survey was conducted among chief information security officers (CISOs) and other manager-level positions in 195 organizations from different sectors of all sizes. Among those surveyed, 21% work at a small organization(1–100 employees), 24% work at a medium organization (100–999 employees), and 56% work at a large organization (over 1,000 employees). The most heavily represented industries were financial services (24%), government (23%), and professional services (10%). Over 70% of respondents reported that the number of cyberattacks on their organization has increased from the previous year, demonstrating that despite increased cybersecurity efforts, the attacks are persisting. The report begins with an assessment of organizations’ budgets, types of attacks, number of attacks, risk assessment frequency, multi-factor authentication (MFA) deployment, security awareness trainings, and other factors that affect the cybersecurity capabilities of organizations. The report concludes with a set of recommendations that will contribute to improving cybersecurity and resilience in the Latin American region. The recommendations focus on each data collection category and suggest actions based on the indings. For example, the data collected demonstrate inadequate investment in regular security risk assessment. An increase in governmental campaigns to create cybersecurity frameworks requiring organizations to conduct risk assessments more frequently can enable the identification of vulnerabilities. This report will enable organizations to thoroughly examine their cybersecurity capabilities and understand the next steps needed to increase their resilience against attacks. Overall, the report found that while efforts are being made to fortify cyber capabilities, threats continue to persist. Consequently, organizations must continue to pay more attention to their vulnerabilities and how they can address them.




LATAM CISO & Duke University

Read Next

PQC: Lead the Way or Fall Behind

NIST has selected the Post-Quantum Cryptography algorithms and now is the time for organizations to decide to lead or get left behind. Establishing a foundation of trust and protecting information and infrastructure with these standards is crucial.

Research Needed for the Good and Bad AI Cybersecurity Use Cases

When implemented properly, artificial intelligence is a vital tool for cybersecurity but more public research is essential to understand and monitor a diverse array of AI systems and their potential – for good and bad.

Risks Associated with IT Monoculture Needs Further Examination

IT concentration risk is a relatively new term but due to recent cyberattacks it has been front and center. To examine the issue the Center conducted an exercise to look at the threats of IT concentration risk and offer recommendations.