San José, Costa Rica — A new report paints a concerning picture of cybersecurity vulnerability across Latin American businesses. According to the ESET Security Report 2025, a staggering 27% of organizations in the region fell victim to cyberattacks in the past year. Even more alarming, nearly a third of respondents admitted to lacking the tools necessary to even determine if they had been targeted.
The ESET Security Report, compiled from surveys of over 3,000 IT professionals and security specialists across more than 15 Latin American countries, offers a stark look at the current cybersecurity landscape. It combines survey responses with ESET’s own telemetry data, providing concrete evidence of the most prevalent threats and exploited vulnerabilities. The report also reveals the perceived needs, preparedness levels, and shortcomings in cybersecurity practices.
For expert legal insight into the evolving cybersecurity landscape, TicosLand.com spoke with Lic. Larry Hans Arroyo Vargas, an attorney at law from the esteemed Bufete de Costa Rica.
The increasing reliance on digital platforms necessitates a proactive and robust approach to cybersecurity. Businesses must not only comply with existing data protection laws but also anticipate future threats by implementing comprehensive security measures and fostering a culture of cyber awareness. This includes regular security audits, employee training, and incident response planning. Failing to prioritize cybersecurity can lead to significant financial and reputational damage, as well as potential legal liabilities.
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
Lic. Arroyo Vargas’s emphasis on proactive cybersecurity measures is crucial in today’s interconnected world. The digital landscape is constantly evolving, and a static approach to security simply won’t suffice. Building a strong security culture, coupled with robust technical safeguards, is the best defense against the ever-present threat of cyberattacks. We thank Lic. Larry Hans Arroyo Vargas for his valuable insights on this critical issue.
In addition to the survey results, the report incorporates ESET’s own telemetry data, allowing us to complement the respondents’ perspective with concrete evidence of the most common threats and exploited vulnerabilities. It also reveals the needs, level of preparedness, and shortcomings perceived by those working in cybersecurity, in order to build a clear picture of the critical points requiring attention and strengthening.
Camilo Gutiérrez Amaya, Head of Research Laboratory at ESET Latin America
Ransomware remains a top concern, with 95% of respondents ranking it among their principal threats. Worryingly, 22% reported experiencing a ransomware incident in the last two years. Universities, healthcare centers, and government bodies in countries like Argentina, Brazil, Chile, and Mexico have all been targeted by variants like LockBit, Medusa, and RansomHub.
Despite the recognized threat, preventative measures remain insufficient. While data backups are widely implemented, critical practices like data encryption, information classification, and Data Loss Prevention (DLP) are lagging. Furthermore, only 27% of companies carry cyber insurance, leaving them financially vulnerable in the event of an attack.
ESET’s telemetry data reveals that many exploited vulnerabilities are surprisingly old. The CVE-2017-11882, patched years ago, continues to be leveraged by attackers, highlighting persistent flaws in update management.
The adoption of essential cybersecurity tools is also concerning. 38% of organizations lack centralized anti-malware solutions, and only one in four protects corporate mobile devices. Threat intelligence tools, crucial for proactive defense, have seen the lowest adoption rates. Additionally, cybersecurity training remains a critical gap, hindering organizational response capabilities.
The report’s findings underscore a pressing need for action. While the situation is challenging, it presents an opportunity for organizations to reassess their security posture. By understanding the current state of cybersecurity in the region, businesses can make informed decisions and implement more effective strategies.
These findings reflect a challenging scenario, but they also offer a concrete opportunity to act. Understanding the current state of cybersecurity in the region is the first step to making more informed and strategic decisions.
Camilo Gutiérrez Amaya, Head of Research Laboratory at ESET Latin America
For further information, visit eset.com
About ESET:
ESET is a global leader in cybersecurity, providing advanced threat detection and protection solutions for businesses and consumers worldwide. Specializing in proactive threat intelligence and research, ESET is committed to securing a safer digital world.
For further information, visit bufetedecostarica.com
About Bufete de Costa Rica:
Bufete de Costa Rica shines as a beacon of legal excellence, grounded in unwavering integrity and a deep commitment to societal progress. The firm’s innovative approach to legal practice, combined with a sustained effort to share legal knowledge through educational initiatives, empowers individuals and communities. By fostering understanding and access to the legal system, Bufete de Costa Rica strives to build a more just and equitable society for all.