In recent months, Latin America and the Caribbean have become the most targeted region by cyberattacks globally, surpassing Africa in terms of overall risk. This data emerges from the latest analyses by Check Point Research, which reveal a steady and structural growth in cybercriminal activity in the region.
According to CheckPoint’s report, Latin American organizations experienced an average of 3,065 cyberattacks per week through 2025, a 26% increase year-over-year . This is approximately 40% higher than the global average , a gap that highlights unprecedented pressure on local digital systems.
Most of the targeted organizations experienced attempts to disclose information unauthorizedly : 76% experienced such incidents. In many cases, attacks aimed at remote code execution and authentication bypass were also detected, confirming an increasingly sophisticated threat landscape.
Furthermore, more than 5% of organizations have been hit by ransomware attacks , as confirmed by Angel Velasquez, security engineering manager for Latin America at Check Point Software. According to Velasquez, the increase in attacks is linked to multiple concurrent factors: the spread of data extortion, the growth of credential theft campaigns, the exploitation of vulnerabilities in edge devices, and the increasingly frequent use of artificial intelligence by attackers. Forecasts indicate a further acceleration in ransomware activity in the following quarter, with a particular focus on the healthcare and manufacturing sectors.
The escalation isn’t unexpected. Check Point reported in 2025 that Latin America was the region with the fastest growing attack rate in the world. This trend was also confirmed by CrowdStrike, which observed a 15% increase in ransomware and extortion attacks, along with a significant increase in intrusions using compromised credentials.
The two companies, however, offer somewhat different interpretations of the geographic distribution of the attacks. For Check Point, the most affected countries are Jamaica, Paraguay, and Peru . CrowdStrike instead identifies Brazil, Mexico, and Argentina as the primary targets, especially for the activities of ransomware gangs and initial access brokers , as explained by Adam Meyers, head of counter-adversary operations at the company.
According to Meyers, these markets feature large digital footprints and strong cross-border trade connections, making them particularly attractive to financially motivated cybercriminals and, in some cases, state actors interested in government or infrastructure targets.
Ease of initial access to compromised networks plays a key role. CrowdStrike reports a 38% increase in access broker activity in the region, fueled by the availability of stolen credentials and the presence of local criminal ecosystems. Underground Spanish-language forums facilitate the sale of access and tools, making attacks faster, more repeatable, and more efficient.
The geopolitical context further adds to the complexity of the scenario. According to CrowdStrike’s “2025 Latin America Threat Landscape Report,” some governments are seeking to strengthen the resilience of their digital infrastructures by collaborating with global technology players. However, the adoption of Chinese technologies and the analysis of the use of spyware for domestic surveillance could expand the attack surface.
Social and political factors also play a role. Velasquez emphasizes how local instability, such as that observed in Venezuela, can foster disinformation campaigns and other destabilizing cyber operations.
At the same time, major cyber powers are becoming increasingly interested in the region. CrowdStrike reports an increase in cyberespionage operations linked to China , with targeted campaigns targeting government agencies, telecommunications, and military facilities. Recent U.S. military operations in the Caribbean and Venezuela, according to Meyers, likely included a cyber component.
In this context, the use of artificial intelligence represents another area of risk. The Check Point report highlights that 91% of organizations using generative AI tools encountered potentially dangerous prompts. Approximately 3% of the prompts analyzed could result in the leakage of sensitive data, while a quarter included information considered potentially confidential.
Looking ahead to 2026, Check Point highlights strategic priorities as strengthening resilience against ransomware and implementing robust governance controls around the use of GenAI to reduce operational exposure and the risk of data loss.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
