A. M. The ESET Security Report (ESR) is an annual report developed by ESET Latinoamérica, a leading company in proactive threat detection, based on surveys of more than 3,000 IT professionals and corporate security specialists from companies in more than 15 Latin American countries. It reflects how companies navigated 2024 in terms of cybersecurity, including threat perception, organizations’ level of preparedness, and main concerns.
“In addition to the survey results, the report incorporates ESET’s own telemetry data, which allows us to complement the respondents’ views with concrete evidence on the most frequent threats and the most exploited vulnerabilities. It also highlights the needs, level of preparedness, and perceived shortcomings of those working in cybersecurity, to build a clear picture of the critical areas that require attention and strengthening”, says Camilo Gutiérrez Amaya, head of the ESET Latin America Research Lab.
The report reveals that 27% of organizations reported having suffered a cyberattack in the last year. However, 32% admit to not having tools that allow them to confirm they have not been attacked. This lack of visibility remains a critical barrier to effective protection, as it prevents them from detecting, responding to, and learning from incidents.
Among professionals’ main concerns are unauthorized access to systems and the theft of sensitive information. Ransomware occupies a central position, with 95% of respondents listing it among their top threats, and 22% having suffered an incident of this type in the last two years. In the last year, universities, healthcare centers, and government agencies in countries such as Argentina, Brazil, Chile, and Mexico were targeted by attacks using variants such as LockBit, Medusa, and RansomHub.
Despite this widespread concern, less than half of the organizations surveyed adopt preventive technologies and practices. Backup is the only widely implemented measure, while others such as data encryption, information classification, or the use of DLP (Data Loss Prevention) remain rare. Furthermore, only 27% of companies have cyber risk insurance, a key tool for mitigating the financial and operational impact of an attack.
Furthermore, ESET telemetry shows that many of the most exploited vulnerabilities are still old. An emblematic case is CVE-2017-11882, patched years ago but still among the most used by attackers. According to ESET, this highlights persistent flaws in update management and underscores the urgent need to strengthen security maintenance policies.
Regarding tool adoption and organizational culture, 38% of organizations do not use a centralized anti-malware solution, and only 1 in 4 companies protect their corporate mobile devices. Threat intelligence tools, essential for anticipating threats, are the least adopted in the region. Furthermore, cybersecurity training remains an outstanding need; its lack of integration into organizational culture limits incident response capacity.
“These findings reflect a challenging scenario, but they also offer a concrete opportunity to act. Understanding the current state of cybersecurity in the region is the first step toward making more informed and strategic decisions”, concludes the ESET researcher.
