170 email-related healthcare breaches occured in 2025.

53% of email-related healthcare breaches occurred on Microsoft 365.

The most targeted technology by initial access brokers in LATAM in 2025 was corporate remote access portals.

40% of organizations have faced operational disruption as a result of AI activity.

Access is increasinly sold as tokens, SaaS admin, and integration footholds, not just VPN/RDP.

51.1% of organizations report dormant access exploitation

Nearly four out of five CISOs report their role has become significantly more complex.

43% of organizations have seen infrastructure expenses increase as a direct result of AI activity.

53% of organizations acknowledge they have an increased need for AI-specific security expertise to effectively defend their systems.

Only 34% of organizations know where all their data resides, whatever the level of criticality.

47% of sensitive cloud data remains unencrypted.

Credential theft is the leading attack technique against cloud management infrastructure, cited by 67% of organizations experiencing cloud attacks.

50% of organizations rank secrets management among their top application security challenges.

Nearly 60% of companies report experiencing deepfake-driven attacks.

SMBs plan to use AI in 2026 for threat detection (39%), incident response (34%), fraud detection (34%), and automated phishing detection (31%).

48% of companies report reputational damage tied to AI-generated misinformation or impersonation campaigns.

30% of companies dedicate specific budgets to AI security.

53% of organizations still depend on traditional security programs built primarily for human users and perimeter-based controls.

Cyberattacks rank as the number one business concern for small- and medium-sized businesses (SMBs).

39% of CISOs who have partially or fully adopted agentic AI strongly agree it has increased their teams' reporting speed, which is more than double the 18% among CISOs who are still exploring agentic AI.