Microsoft: Companies in Latin America see a high cyber threat and predict it will increase

Mexico.- Most large Latin American companies currently perceive a high or very high level of threat in cybersecurity and, in addition, anticipate that the risk will continue to grow, according to a Microsoft survey. In an interview with EFE, Microsoft's Cybersecurity Director for Latin America, Marcelo Felman, and the Director of Data & Intelligence at Edelman, Alba Hermo, explained that these results occur in a context where investment gaps, employee training, and policies for the use of artificial intelligence (AI) persist. The study, a survey of cybersecurity experts from large companies —defined as organizations with more than 250 employees and more than 200 active computers—, considered markets such as Mexico, Argentina, Colombia, Chile, Costa Rica and Puerto Rico, with results showing “very universal” patterns in the region, Hermo pointed out.

We recommend reading:Microsoft unveils Maia 200, its new AI chip to compete with Google and Amazon

In the survey, 60% of those consulted in the region place the current threat level at "high or very high", compared to 28% "moderate" and 12% "low or very low".

Risk perception by countries

By country, the perception of high threat scales to 65% in Mexico, Argentina (62%) and Costa Rica (61%), while it drops to 53% in Chile and 52% in Puerto Rico. The trend is also upward, as 74% believe that the threat level increased in the last 2-3 years and 79% see it as a priority that will increase in the next 2-3 years. In parallel, the region recognizes that AI is already part of the equation, as 48% declare a "moderate/high" dependence on AI to face threats — 9% "highly" and 39% "moderately". At the same time, 58% expect a high impact of AI on cybersecurity practices and 36% a "moderate" one. However, the study reveals structural lags, as only 14% of the companies surveyed consider a high level of investment in cybersecurity compared to the total spending on technology. In general preparation for the current situation, 37% consider themselves "highly prepared", with an obvious weak point when it comes to specific capabilities. In this area, data privacy leads prevention (62% "high"), but employee awareness and training falls to 36% "high", and AI policies remain at 34% "high".

Investment Backlogs in Cybersecurity

The chapter on AI-related threats reinforces this diagnosis, where the greatest perceived risks for the region are malware or ransomware (52%), phishing or social engineering (35%), cloud threats (21%), unauthorized use of generative AI tools by employees (19%), and deepfakes (16%). Microsoft warns that the mismatch between perception and controls occurs when attackers industrialize the "scam at scale". "The threat landscape is intensifying, we are seeing that the integration of AI is, while being an ally for cybersecurity management, also expanding the attack surface," summarized Hermo. Meanwhile, Felman recommended that large companies prioritize security as a business priority and manage it as a risk from the management level, with greater executive sponsorship and more involvement from the boards. Also, reinforce digital hygiene by attacking the basics that remain critical (identity protection, perimeter, asset monitoring) and accelerating approaches like Zero Trust ("never trust, always verify").

You can also read: Wikipedia signs agreements with Amazon, Meta and Microsoft for content supply to AI companies

In addition to making digital resilience a key focus, operating with the premise of "it's not if it will happen to me, but when," to avoid overconfidence and prioritize plans such as incident response (not just prevention, but also what to do when it occurs). Finally, Felman suggested investing in both tools and people, since the dominant threats usually start with social engineering, which requires training to identify deceptions.