Evaluating regional threat landscapes: Latin America experiences twice the volume of US security incidents

Recent threat intelligence indicates organizations in Latin America face an average of 3,100 security threats per week. Understanding these regional differences in threat delivery and sector focus helps security teams allocate resources and strengthen defenses effectively.

Triage Security Media Team

Security threat activity is accelerating rapidly in Latin America. This trend is driven in part by businesses adopting digital infrastructure at a pace that often exceeds the development of their security programs.

Last year, Check Point researchers measured a 53% year-over-year increase in weekly security incidents affecting Latin American organizations. As of early 2026, the data confirms it is the most heavily targeted region globally. In an unpublished March 2026 threat report, Check Point observed that organizations in Latin America face an average of roughly 3,100 security threats per week. In contrast, organizations in the United States average just under 1,500 weekly threats.

The divergence between the regions extends beyond pure volume. The methodologies and formats of these threats vary significantly.

Regional differences in threat profiles

Specific categories of security incidents occur more frequently in Latin America. Last month, ransomware incidents accounted for 5.4% of regional threat activity compared to 3.1% in the US. Infostealers comprised 5.3% (vs. 2.1%), banking malware 2.8% (vs. 0.8%), and botnet activity 13.1% (vs. 7.2%). Conversely, file types like Microsoft Excel spreadsheets (XLS, XLAM) frequently appear in US enterprise-focused threat campaigns but are rarely observed in Latin America.

The most significant disparity appears in how initial access occurs. In the US, 95% of harmful files last month were delivered via web vectors, including compromised websites, drive-by downloads, and malvertising. In Latin America, web delivery accounted for only 26% of files, with email representing the remaining 74%.

Phishing campaigns remain highly effective in Latin America, particularly those impersonating financial institutions, invoices, travel confirmations, or government communications, according to Julio Lemus, a security engineer at Check Point. This reliance on email vectors suggests an opportunity for organizations to prioritize security awareness and email filtering to protect their users.

Threat actors also focus on different industries depending on the region. Healthcare ranked as the ninth most affected sector in the US last month. In Latin America, healthcare has remained the most affected sector for multiple consecutive months; in February, it experienced 28% more threat activity than education, the second most affected sector. Financial services ranked sixth in Latin America but did not appear in the top ten for the US.

Factors driving regional threat activity

The Organization of American States (OAS) and the Inter-American Development Bank (IDB) evaluated regional security maturity in their 2025 Cybersecurity Report. Using the Cybersecurity Capacity Maturity Model for Nations (CMM) developed with Oxford University, the analysis scores national security maturity on a scale of 0 to 5. Most countries in the region scored between 2 and 3, indicating foundational but incomplete security frameworks.

Carlos Borges, a senior intelligence analyst with Intel471, notes that while large financial enterprises in countries like Brazil maintain well-resourced security programs, many small and medium-sized organizations remain susceptible to opportunistic threat actors.

However, even large organizations face complex risks. Borges highlighted a supply chain incident involving Brazilian fintech provider C&M Software last July. An insider collaborated with an external cybercrime group to execute unauthorized transfers totaling hundreds of millions of dollars from the core financial system operated by the Brazilian Central Bank. Two months later, C&M Software experienced a separate unauthorized access incident involving the Dragonforce ransomware group.

Economic and technological variables further complicate the environment. Organizations in the region frequently operate with mixed IT environments and varying levels of security investment, which creates structural vulnerabilities. Because threat actors view the region as a high-return environment for extortion and fraud, they often scale automated campaigns—like phishing and credential theft—across multiple organizations simultaneously.

To protect their operations, security teams managing infrastructure in Latin America can leverage this intelligence to focus on immediate mitigations. Strengthening email defenses, implementing phishing-resistant authentication, and establishing baseline security standards across mixed IT environments are high-impact steps for reducing regional risk.