The increasing complexity of threats has driven the creation of new regulatory frameworks designed to strengthen the cybersecurity and operational resilience of financial institutions.
Throughout 2025, financial inclusion in Latin America will continue to advance, driven by digitalization, the expansion of fintechs and the adoption of emerging technologies such as artificial intelligence and blockchain. However, one of the biggest challenges will be adapting to an increasingly dynamic and fragmented regulatory environment, which requires reconciling innovation with customer protection.
According to Oswaldo Palacios, cybersecurity specialist for Akamai Latin America: “This challenge is intensified in some countries in the region due to limited visibility on infrastructure, applications and digital assets, which compromises information security.”
A Forrester study, commissioned by Akamai, found that more than one-third of financial institutions are not confident in their ability to quickly detect and respond to vulnerabilities, increasing the risk of penalties and losses. In addition, 25% of these organizations do not have a clear view of their current and future regulatory environment, while 50% struggle to adequately inform compliance teams and auditors about users, assets, infrastructure, and applications.
Regulatory frameworks in Latin America, such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR), have reinforced the need to protect customer information and maintain robust security controls in all digital environments. At the same time, they place complex demands on the financial sector, which must constantly adapt to these requirements while facing an evolving threat landscape.
“This regulatory pressure requires a two-pronged approach: regulatory compliance and cybersecurity. Only in this way will institutions be able to improve their operational resilience, have greater visibility of their digital assets and effectively mitigate risks,” Palacios said.
Top Cyber Threats to the Financial Sector
The banking, financial services and insurance sector accounts for about 29% of the cybersecurity market in Latin America, driven by the accelerated digitization of services and its attractiveness as a target for sophisticated attacks.
Forrester’s study highlights that 88% of financial institutions have suffered at least one significant incident in the last 18 months and 60% have had to bear remediation costs due to non-compliance. These events not only affect operations, but also the reputation and financial stability of organizations.
Among the most relevant threats are:
- Zero-day attacks: Exploit unknown vulnerabilities, with thousands of exploitation attempts in a few hours.
- DDoS attacks: Saturate networks with malicious traffic, causing operational disruptions and serving as a smokescreen for more damaging attacks.
- Ransomware: Encrypts critical data and spreads laterally through the network, affecting operations and demanding ransoms.
- Phishing and social engineering: Trick employees in order to gain unauthorized access or install malware.
- API attacks: Poorly protected APIs allow information to be stolen or fraudulent transactions to be executed.
- Brand spoofing: Creates fake sites or deceptive profiles to scam customers.
To face this environment, Palacios stresses the need to implement flexible RegTech solutions (regulatory technologies) that allow compliance with multiple regulations in different jurisdictions. Collaboration between technology companies, regulators and financial institutions will be key to developing these tools.
In this sense, API security becomes critical. API security solutions allow institutions to discover, monitor and audit API behavior in real time, offering full visibility to detect and mitigate threats. This not only protects sensitive data, but also ensures compliance with privacy and security regulatory frameworks.
For its part, microsegmentation is positioned as a fundamental strategy to isolate critical workloads and applications, reducing the possibility of lateral movement by attackers within the network.
“In addition to facilitating compliance with PCI and other standards, this technique provides detailed visibility at the process level, allows the creation of adaptive policies, and ensures a robust security posture, ready for any audit,” said Palacios.