Global Cybersecurity Outlook 2026 Regional Analysis Latin-America and the Caribbean

Supply chain –The top three cyber risks related to supply chain security reported by organizations in Latin America and the Caribbean are: 1. Visibility: Lack of visibility in own organization’s extended supply chain 2. Concentration risk: A high degree of dependence on critical third-party suppliers 3. Inheritance risk: Inability to assure integrity of third-party software, hardware and services –To mitigate these risks, 58% of organizations in this region prioritize involving the security function in procurement processes, while 52% assess their supplier maturity. This approach is broadly consistent with practices observed in other regions. With regard to the ways in which your board is engaged in cybersecurity, the following statements apply: 92% 8% Board is engaged in cybersecurity Board is not engaged in cybersecurityHow would you rate your organization’s cyber resilience? Our cyber resilience is insufficientOur cyber resilience meets minimum requirementsOur cyber resilience exceeds our requirements 25% 62%12%Resilience –In Latin America and the Caribbean, 12% of organizations rate their cyber resilience as exceeding requirements, while around 25% assess it to be insufficient, resulting in the second-lowest resilience level across regions, according to the GCO 2026 survey. –The top three challenges to achieving cyber resilience reported by organizations in this region are: 1. Rapidly evolving threat landscape and emerging technologies (52%) 2. Shortage of cybersecurity skills and expertise (50%) 3. Third-party and supply chain vulnerabilities (40%) –Additionally, 35% of organizations highlight insufficient incident response and recovery planning as a main challenge to resilience – the highest rate for this factor among all regions. –Encouragingly, 92% report active engagement from their board in cybersecurity matters, which is similar to other regions (globally 93%).How does your organization address supply chain cyber risk? Latin America and the CaribbeanWe simulate cyber incidents and/or plan recovery exercises with our ecosystem partnersWe align our cyber resilience strategy among our ecosystem partnersWe map our ecosystem in detail to understand where we or our partners are exposed to cyber threatsWe assess the security maturity of our suppliers We share information on threats with partners in our ecosystem (customers, suppliers, partners)We involve our security function in the procurement process 58% 52% 37% 31% 29% 27%