30% of security leaders cite a lack of board understanding of the link between cybersecurity investment and business resilience as their biggest challenge in defending spend.

82% of organizations now harbor security debt, an 11% increase from the prior year.

47.2% of SMBs say alert fatigue is the key hurdle to resolving security vulnerabilities and incidents.

82.8% of adversary activity occurs during an extended precursor phase, long before operational impact is realized, with an average dwell time of 185 days .

More than 1.6 million phishing emails rely on newly created domains for malicious activity.

41% of breached healthcare organizations fell into a high-risk category based on their email configuration, up from 31% in 2024.

The most targeted sectors by ransomware in LATAM in descending order were consumer and industrial products; energy, resources and agriculture; and professional services and consulting.

Fewer new RaaS programs (-17.9%), but overall activity continued to expand.

43.6% of organizations report the use of stolen credentials as an entry vector

34% of SMBs admit their cybersecurity technology is outdated.

34% of SMBs have vulnerability scanning.

42% of SMB owners and cyber leaders prioritized employee hiring, raises, and bonuses over new cybersecurity investments in the past year.

63% of security leaders report using quantified ROI to measure cybersecurity investments.

59% of security leaders report using outcome metrics to measure cybersecurity investments.

44% of organizations would cut AI investment first if cybersecurity budgets tightened.

Large supply chain and third-party compromises have nearly quadrupled since 2020.

The number of ransomware variants in LATAM rose from 48 to 79 with the most impactful gangs being the Qilin, The Gentlemen, SafePay, Akira and Inc. groups.

The most impacted sectors by initial access brokers in LATAM in 2025 in descending order were public; energy, resources and agriculture; and technology, media and telecommu- nications

When open source using organizations were asked if they took steps to improve its patch and vulnerability management processes in the last 12 months, 63.2% said they reviewed/updated internal vulnerability management processes.

Only 1% of organizations said they decreased the time required for patching a critical or high-priority Linux vulnerability after it was detected.