Today we’re joined by Rupert Marais, our in-house security specialist, to unpack the complex and urgent cybersecurity crisis facing Latin America. As the region accelerates its digital transformation, a perfect storm is brewing: a staggering lack of confidence in national cyber defenses, a critical shortage of skilled professionals, and a dramatic surge in cyberattacks. We’ll explore the deep-seated reasons behind this vulnerability, how foundational infrastructure issues compound the problem, and how the rise of AI presents both a formidable threat and a potential solution.
Confidence in national cyber defense is exceptionally low in Latin America, with only 13% of organizations feeling secure. What specific government actions or inactions fuel this sentiment, and what practical steps could authorities take to begin rebuilding trust with the private sector?
This profound lack of confidence is a direct reflection of what businesses are experiencing on the ground. When only 13% of your organizations trust the national defense strategy, compared to a global average of 37%, you have a fundamental problem. This sentiment isn’t born from a single incident but from a persistent pattern of under-resourcing and a visible lag in incident response capabilities. Organizations see their counterparts in more advanced economies with robust defenses, while they are left feeling exposed as their own digital infrastructure rapidly expands. To rebuild trust, governments must move beyond rhetoric. They need to establish clear, well-funded governance frameworks for cybersecurity, create public-private partnerships for threat intelligence sharing, and visibly invest in the resilience of critical infrastructure. Showing they can stop and effectively respond to an attack is the only way to turn that 13% figure around.
With over two-thirds of organizations missing critical cyber skills, what are the primary barriers to developing a robust local talent pipeline? Can you share a specific example of a training or retention program that is successfully closing this skills gap in a Latin American country?
The skills gap is perhaps the most pervasive and systemic issue hobbling the region’s cyber resilience. The primary barriers are a lack of deliberate investment and coordination in building that talent pipeline from the ground up. It’s a vicious cycle: without skilled professionals, you can’t secure your expanding digital ecosystem, which in turn makes the region less attractive for investment and growth. While the text doesn’t highlight a specific country’s program, it points to the World Economic Forum’s Cybersecurity Talent Framework as the essential model to follow. This isn’t just about training; it’s a four-pronged strategy. You must attract new talent, broaden the training opportunities available, get better at identifying the right people, and, crucially, retain them. This last point is where many efforts fail. It requires a collective effort from leadership to tackle high job stress and provide proper recognition for cybersecurity roles, which builds a loyal, committed workforce that is essential for long-term resilience.
The region has seen a 53% surge in cyberattacks, which is often compounded by foundational issues like unreliable internet connectivity. How does this unstable infrastructure uniquely handicap incident response, and what cost-effective resilience strategies can a company implement when facing these combined challenges?
That 53% year-over-year increase is alarming, and when you layer on top of it the challenge of unreliable infrastructure, the situation becomes uniquely difficult. Intermittent power outages or limited broadband coverage can be absolutely crippling. Imagine trying to conduct a rapid incident response when your connection to the affected systems keeps dropping, or when you can’t maintain the continuous security monitoring needed to detect threats in the first place. It severely weakens your ability to react in real-time. For a company facing this, cost-effective resilience means focusing on fundamentals that aren’t entirely dependent on a perfect connection. This includes robust offline backup and recovery plans, deploying endpoint security that can operate autonomously for periods, and investing heavily in employee training to spot phishing and other threats before they require a massive, network-intensive response. It’s about building a defense that can withstand not just the cyberattack, but also the environmental instability.
AI is enabling more sophisticated native-language fraud, with 77% of respondents noting its impact. How can organizations leverage AI for defense while also preparing for these new, hyper-localized threats? Please describe the top two investments a company should make in AI-driven security.
AI is a classic double-edged sword here. The fact that 77% of leaders in the region have seen AI-enabled fraud personally or know a victim shows how effectively criminals are weaponizing it to create hyper-localized, native-language scams that are incredibly convincing. But that same technology is vital for defense. The first key investment must be in AI-enabled security solutions themselves. These tools can analyze vast amounts of data to detect anomalies and threats far faster than human teams, helping to close the gap created by the skills shortage. The second, and perhaps more strategic, investment is in people. As expert Rafe Pilling noted, because AI security is a brand-new field, there are no long-established experts. This is a massive opportunity for Latin America to train a new wave of cybersecurity professionals who are primed to become specialists in defending this new technology stack, effectively leapfrogging the entrenched skills gap in other areas.
Cybercrime syndicates from Asia are increasingly targeting Latin America, while countries like Mexico prepare for massive events like the 2026 World Cup. How does this international dimension complicate defense, and what specific, collaborative measures should governments and event organizers prioritize immediately?
The international dimension adds a significant layer of complexity. We’re not just talking about local cybercriminals anymore; these are sophisticated, well-funded syndicates from places like Southeast Asia and China who see the region as a ripe target. This complicates things because their methods are advanced and they operate beyond the jurisdiction of local law enforcement. For a massive event like the World Cup, which is a magnet for cyberattacks, this threat is amplified. The immediate priority must be intense, cross-border collaboration. This means governments sharing threat intelligence with international partners to track and prosecute these groups. For the event itself, a tight, public-private partnership between Mexican authorities and event organizers is non-negotiable. They need to conduct joint risk assessments on all critical infrastructure—from ticketing systems to stadium operations—and run coordinated response drills to ensure they are prepared for a major, internationally-backed cyber incident.
What is your forecast for cybersecurity resilience in Latin America over the next five years?
My forecast is one of cautious optimism, but it hinges entirely on the choices made in the very near future. The region is at a critical tipping point. If governments and private organizations commit to deliberate investment in talent, foster genuine collaboration, and focus on building resilient infrastructure, they have a unique opportunity to turn this digital progress into inclusive growth. The lack of an entrenched cybersecurity population could even be an advantage, allowing them to build a modern workforce focused on new challenges like AI. However, if they fail to act decisively, the gap will only widen. As Giulia Moschetta warned, that digital progress will instead become a source of systemic vulnerability, leaving the region increasingly susceptible to the sophisticated threats that are already at its doorstep.
