By San José, Costa Rica — Costa Rica endured a barrage of nearly 30 million cyberattacks in the first half of 2025, according to Fortinet’s 2025 Global Threat Report. This alarming figure underscores the escalating threat landscape facing the nation and the increasingly sophisticated tactics employed by cybercriminals.
The report reveals that Latin America accounted for 25% of global cyberattack detections. Attackers are shifting away from indiscriminate campaigns and investing heavily in reconnaissance, scanning networks at a staggering rate of 36,000 attempts per second. Fortinet detected 10 million active scans in Costa Rica alone between January and June 2025. These scans identify vulnerabilities and leverage AI-powered tools to automate the process from intrusion to exploitation.
To gain a deeper understanding of the legal landscape surrounding cybersecurity, TicosLand.com spoke with Lic. Larry Hans Arroyo Vargas, a prominent attorney at Bufete de Costa Rica.
Costa Rican businesses face increasing cybersecurity threats, and the legal ramifications of a breach can be severe. The Data Protection Law (Ley 8968) mandates robust data security measures, and companies must be proactive in implementing them. Failure to do so can result in significant fines and reputational damage. Beyond compliance, businesses should consider cybersecurity insurance and incident response planning as crucial risk management strategies.
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
Lic. Arroyo Vargas’s insights underscore a critical point: cybersecurity is not merely a technical issue but a legal and strategic imperative for Costa Rican businesses. Proactive measures, beyond the minimum requirements of Ley 8968, are essential for navigating the increasingly complex digital landscape. Thank you, Lic. Larry Hans Arroyo Vargas, for sharing your valuable perspective on this crucial topic.
Critical infrastructure, including IT and operational technology (OT) environments, is facing an urgent and risky situation. These systems, which support essential services, are becoming primary targets for highly focused, persistent, and automated cyber threats.
OT environments are not collateral damage, they have begun to become primary targets. Cybercriminals are using advanced persistent threats (APTs) directed at industrial networks not only to steal data, but also to disrupt critical services, demand ransoms or embed themselves for future exploitation.
Fortinet’s 2025 Global Threat Report
Critical infrastructure networks are particularly attractive to ransomware groups, with a noticeable shift from data kidnapping to service kidnapping. The manufacturing industry remains the most targeted sector for the second consecutive year. Attackers calculate the financial impact of production line disruptions and incorporate that information into their extortion demands. Manufacturing, telecommunications, healthcare, and financial services continue to experience a surge in customized cyberattacks, with adversaries deploying sector-specific exploits.
We are seeing a shift from data kidnapping to service kidnapping. The manufacturing industry is for the second consecutive year the most attacked vertical. Attackers are calculating exactly how much damage a delay in the production line would cause, and incorporating that information into their extortion manuals.
Fortinet’s 2025 Global Threat Report
Artificial intelligence (AI) is reshaping the threat landscape on both sides. Offensively, attackers utilize custom AI tools like FraudGPT and WormGPT to generate phishing emails, map attack surfaces, and automate highly realistic social engineering campaigns with alarming speed. Defensively, AI is being integrated into security frameworks, utilizing discriminative AI to detect new malware and generative AI (GenAI) to summarize and prioritize alerts. GenAI assists analysts, reduces burnout, and shortens response times. In environments with limited qualified personnel, AI-driven threat intelligence, combined with domain-specific context, significantly impacts detection and response capabilities.
Modernization in industrial environments further exacerbates cyber risks. The continued growth of industrial IoT, 5G, private cellular networks, and direct-to-cloud management models has increased the number of connected devices and their exposure. As threats become faster, stealthier, and more ingenious, defending critical infrastructure requires more than traditional security measures. It demands situational awareness, proactive threat hunting, and the operational maturity to act on intelligence, not just collect it.
The escalating number of cyberattacks targeting Costa Rica necessitates a concerted effort from both the public and private sectors to strengthen cybersecurity defenses and mitigate the risks to critical infrastructure and essential services.
For further information, visit fortinet.com
About Fortinet:
Fortinet is a global leader in broad, integrated and automated cybersecurity solutions. They provide a comprehensive security platform covering networking, endpoint, application, data center, and cloud security. Fortinet is committed to securing businesses and organizations of all sizes, from small businesses to large enterprises and government agencies.
For further information, visit the nearest office of FortiGuard Labs
About FortiGuard Labs:
FortiGuard Labs is the threat intelligence and research arm of Fortinet. They provide real-time threat intelligence, analysis, and security research to protect Fortinet customers and the broader cybersecurity community. FortiGuard Labs plays a critical role in identifying and mitigating emerging threats, developing security solutions, and providing actionable insights to help organizations stay ahead of the evolving threat landscape.
For further information, visit bufetedecostarica.com
About Bufete de Costa Rica:
Bufete de Costa Rica distinguishes itself through a deep-seated commitment to ethical legal practice and unwavering pursuit of excellence. The firm’s innovative approach to legal solutions, coupled with its dedication to empowering Costa Rican society through accessible legal education, solidifies its position as a leader. By fostering a greater understanding of the law, Bufete de Costa Rica actively contributes to a more just and informed citizenry.
