{Data/Design/Engineer}

DataViz

Cyberattacks in Latin America and the Caribbean: What the data says

The Latin America and Caribbean (LAC) region is at the epicenter of an accelerated digital transformation, but also of a growing risk: Over the past 10 years, LAC has seen an exponential increase in cyber incidents. Based on documented event records, we can build a clearer picture of who is attacking, whom, why, and how often. In this publication, we explore the main patterns found by researchers at the Center for International and Security Studies at Maryland (CISSM) through their Cyber Event Database, which compiles public information on cyber events from 2014 to the present. We will use some visualizations made with the D3.js library and a final dataviz created in After Effects to facilitate exploration and understanding of the topic.

“The current dataset includes records up to December 31, 2024. It was created to address the lack of consistent, well-structured data needed to make strategic decisions about how to invest resources to prevent and respond to cyber events.” CISSM


1. How many cyberattacks were recorded per year?

Since 2014, reported cyber incidents have grown by an average of 21% annually worldwide. Latin America and the Caribbean has led this growth with a rate of 25%. We can see that Brazil has been the most targeted country, with 146 attacks, representing 33.8% of the total attacks in the last decade.


This animation could show how each year represents a jump in the number of incidents, especially during events such as the pandemic or international conflicts during 2022 and 2023. We can also highlight the year 2016, when attacks doubled, leaving Mexico as the most affected country.

2. Which countries are most affected?

Brazil peaked in 2022 with 35 attacks, followed by Mexico with 19 attacks in 2016 and Colombia with 16 in 2022. Throughout the decade, the order changed slightly, with Brazil (146) and Mexico (76) always in first and second place, Argentina (38) in third, Chile (35) in fourth, and Colombia (26) in fifth.


🔺 Sustained increase in attacks

  • The total number of cyberattacks is growing significantly from 2020 onwards, peaking in 2022.
  • This could be related to:
  • Greater post-pandemic digitization.
  • Greater visibility and recording of incidents.
  • Increased activity by criminal groups and hacktivists in the region.

🌎 Brazil is consistently the most affected country

  • Represented by the predominant orange band in almost all years.
  • Its relative weight is high in all periods, especially 2016, 2019, and 2022.
  • This may be due to its size, degree of digitization, and regional exposure.

🟣 Other countries with a strong recent presence

  • Mexico, Colombia, Chile, Guatemala, Costa Rica, and Peru have had a growing share in recent years.
  • The geographical diversification of attacks is evident in 2022 and 2023.

🧩 2022: a critical year

  • This is the year with the highest number of attacks in the series.
  • It stands out both for the volume and the variety of countries affected.
  • It may have been influenced by global geopolitical conflict (e.g., the war in Ukraine) or massive regional attacks such as those in Costa Rica.

3. Which industries are most targeted?


🔷 Public Administration:

  • This is the most targeted sector, with 136 incidents.
  • It accounts for approximately 31.5% of the total (136 out of 432).
  • This suggests that government institutions are highly exposed, possibly due to their symbolic or political value, or due to deficiencies in cybersecurity.

💰 Critical economic sectors are also targets:

  • Finance and insurance (58 attacks) and professional/technical services (23 attacks) are among the most affected.
  • This reflects the interest of attackers motivated by economic gain.

🎓 Education and health are also vulnerable:

  • Education (12) and health (11) have a significant number of incidents, suggesting:
  • Lack of investment in cybersecurity.
  • High sensitivity of the information they handle.

🧱 Wide sectoral distribution:

  • Most economic sectors are represented in the graph.
  • Even sectors such as “Utilities,” “Retail,” and “Transportation” have more than 10 attacks each.

📉 Other sectors have less exposure, but not none:

There are sectors with few incidents (1 to 6), such as real estate, business administration, and wholesale trade, which may be less digitized or less reported.

4. Actors: Who is behind the attacks?


🕵️ Most attacks come from unidentified actors.

“Undetermined” leads with 160 attacks, representing:

  • More than 50% of the total in the top 10.
  • A large gray area of attribution in the region.
  • This may reflect a lack of forensic capabilities or a reluctance to disclose accurate information.

🎯 Clear presence of known criminal groups and hacktivists

  • LockBit 3.0 (22), ALPHVM (15), REvil (8), and RansomEXX (6) are known for global ransomware attacks.
  • Guacamaya (16) and Anonymous (30 combined) represent hacktivist movements with ideological, political, or social motivations.

🧠 Several highly specialized actors

Vice Society (13) and the NGB 3rd Technical Surveillance Bureau (11) point to organized actors, including state actors or those with advanced technical capabilities.

5. Types of attacks and motivations


💰 Financial motivation dominates

  • 256 attacks with financial motives.
  • This represents more than 50% of the total.

    Mainly “Exploitive” (72) and “Mixed” (125), suggesting:
  • Many attacks combine initial access with exfiltration and/or ransomware.
  • Clearly executed by groups with financial motives.

❓ Large proportion of undetermined motives

  • 71 attacks with no clear motivation.
  • This represents an area of opacity, as is also the case with the attribution of actors.

    Reflects:
  • Lack of forensic analysis.
  • Reporting issues.
  • Or, attacks with multiple possible interpretations.

✊ Hacktivism and protest carry significant weight

  • 70 attacks for protest and 32 for political espionage.
  • In protests, the “exploitative” component (45) outweighs the disruptive component, indicating attacks that are more sophisticated than simple defacements.
  • In political espionage, all are exploitative, which is typical of sustained infiltration campaigns.

🧨 Other motives are marginal

Or simply underreported.
Sabotage (2) and industrial espionage (1) have a token presence.

This may reflect:

  • Low capacity to detect these types of attacks.
  • Less interest from attackers in industrial targets in the region.

6. Conclusions

🧩 Public administration is the most targeted sector

  • With 136 incidents, it accounts for more than 30% of the total.
  • This reflects persistent vulnerabilities in government entities.
  • It requires urgent attention in public cybersecurity policies.

💰 Financial motives clearly dominate

  • More than 50% of attacks are carried out for economic gain.
  • “Mixed” and “exploitative” attacks are the most common in these cases, reflecting sophistication.
  • This highlights the need to protect critical infrastructure and financial sectors.

❓ High opacity: many attacks cannot be attributed

  • Both the actor and the motive remain “undetermined” in a significant proportion (more than 40% in some cases).
  • This highlights shortcomings in forensic analysis and regional attribution capabilities.

🧠 Criminal actors and hacktivists dominate the landscape

  • Groups such as LockBit 3.0, ALPHVM, Anonymous (Brazil), and Guacamaya are highly active.
  • Organized cybercrime and political/social hacktivism are the two main drivers.

📈 Growing trend since 2020, peaking in 2022

  • The year 2022 marks an all-time high, with diversified attacks in almost every country in the region.

Possible causes:

  • Greater post-COVID digitization.
  • International conflicts.
  • More active cybercriminals globally.

🌎 Brazil leads in attack volume, but other countries are growing

  • Mexico, Colombia, Chile, and Guatemala show significant increases in recent years.
  • The threat is no longer concentrated: it is regional.

🧭 Cybersecurity correlated with economic development

  • Countries with higher GDP also have higher cybersecurity indices.
  • Even so, the gap between digital exposure and preparedness remains a challenge.

🎯 Recommendations:

  • Strengthen incident analysis, monitoring, and response capabilities.
  • Develop regional frameworks for cooperation in cyber intelligence.
  • Prioritize strategic sectors: government, finance, education, and health.
  • Promote talent development and cyber resilience policies throughout the region.

The use of visualizations implemented with the D3.js library in web publications not only helps to better communicate these findings, but also allows governments, businesses, and citizens to explore the topic interactively. Similarly, working on graphics and expression controls in After Effects becomes another great visual resource that has a significant impact on effective communication pieces.

Cybersecurity is not just about technology. It is about economics, politics, and society. Understanding it is the first step toward protecting ourselves.

Sources:

  • Dataset: Center for International and Security Studies at Maryland (CISSM) through its Cyber Events Database.
  • Theoretical context: World Bank, “Cybersecurity Economics for Emerging Markets.”

#Cybersecurity #OpenData #LatinAmerica #DataVisualization #DigitalTransformation #D3js #AfterEffects #CISSM #OpenData

Related Projects

fingerprints

Create a chromatic fingerprint from Flickr using Python

Exploring the plant wealth of Nantes: A journey through its botanical collection

Transparent air: A Journey through pollution data in Pays de la Loire in 2023.