Introduction
America Latina has become the global epicenter for cyberattack growth, with a staggering annual increase of 25% in incidents and an average of 2,803 attacks per week targeting businesses. This is significantly higher than the global average.
The Rising Trend
Between 2014 and 2023, the disclosed incidents in Latin America rose at an annual rate of 25%, the highest globally. By 2025, organizations face an average of 2,803 weekly attacks, compared to 1,984 globally.
Vincent Speranza, Director of Endeavor Mexico, stated in an interview with El Economista: “Latinoamerica appears to be one of the zones with the highest growth in cyberattacks. We live in a region that is very fertile ground for such attacks.”
Reasons Behind the Growth
According to the report “Cybersecurity, Enabler of Trust and Competitiveness” by Endeavor and Incode, this growth is attributed to two primary factors: the expansion of Latin America’s digital economy (145% growth in IoT and 280% in e-commerce post-pandemic) and a structural lag in digital policies, talent, and culture.
“There’s a gap between perception and reality. Companies feel protected, but when we dig deeper, it seems they aren’t as prepared as they think,” Speranza added.
Human Factor: The Primary Vulnerability
The report identifies the human factor as the main vulnerability. 68% of companies recognize phishing and social engineering as their most frequent threats, surpassing ransomware (54%).
In Mexico, 41% of organizations rely exclusively on passwords, a practice that perpetuates weak authentication schemes.
“Phishing and social engineering are the greatest perceived risk by organizations; despite technological advancements, the human link remains vulnerable,” said Patrick Kaper, Content Research Manager of Endeavor Mexico.
Delayed Response and High Costs
On average, each cybersecurity incident takes 277 days to identify and contain (207 for detection and 70 for containment), with each breach costing around $3.81 million.
Illusion of Preparedness
Most Latin American companies claim to be ready, with 65% asserting preparedness against attacks. However, only 17% evaluate their cybersecurity strategy monthly or continuously, and 36% admit insufficient investment.
“The global average is 1,900 weekly attacks; we’re at 2,800, and it’s not trivial. There’s still a sense of naivety: we haven’t seen significant damage, but everyone perceives a higher attack probability,” Speranza noted.
This discrepancy between perception and reality is what the authors call a “maturity gap.” As Kaper explained, “Nine out of ten companies claim to have improved their cybersecurity practices, but only 17% review them continuously. Awareness is growing, but the journey is long.”
Corporations vs Startups: Different Speeds, Same Risk
The study highlights differences between organization types. Corporations report a higher volume of attacks, adopt AI-powered detection and response tools almost twice as often as startups and scaleups, and exhibit a higher maturity level.
However, this doesn’t exclude them from risk. Speranza stated, “Corporations face higher volume and sophistication attacks, but startups are also targets. AI usage introduces new risks.”
“There’s a clear correlation between intensive AI use and vulnerability: generating more data exposes companies to risks that attackers seek to exploit or monetize,” added the report.
The Ecosystem’s Response
Facing this scenario, Speranza and Kaper agree that the challenge is collective, requiring education, public-private collaboration, and a more strategic approach.
“The state is attentive but needs to strengthen public database protection and foster international cooperation,” Speranza emphasized.
“Cybersecurity should move beyond auditing and become a core business pillar,” Kaper concluded.
From Vulnerability to Resilience
Despite the diagnosis, the study concludes optimistically. The risk exposure is driving an unprecedented wave of innovation and cooperation.
“The key is transforming mindset: shifting from basic compliance to a structural resilience culture,” the report advises.
“It’s not an attractive topic, but it’s necessary for the ecosystem. If left unaddressed, vulnerability could hinder the digital growth we’ve worked hard to build,” Speranza warned.
