Cybersecurity culture and leadership are essential to protecting Guatemalan organizations.
Guatemala, October 2025 - Human error continues to be the leading cause of security incidents, accounting for more than 60% of data breaches reported in recent years, according to Verizon's DBIR 2025.
Among the most frequent errors are the use of weak passwords, the downloading of malicious files, and the loss of devices containing critical information. Given this situation, a cybersecurity culture must be an integral part of Guatemalan business culture, involving all employees regardless of their role, leadership level, or tenure within the organization.
Perry Carpenter, a strategist on the subject of Human Risk, in his book The Secure Culture Playbook: An executive guide to reducing risk and developing your human defense layer, defines security culture as “the ideas, customs, and social behaviors of a group that influence its security.” This approach seeks to establish best practices that allow organizations to have a more secure and planned environment, reducing the likelihood of incidents and minimizing cybersecurity breaches resulting from human error.
According to the DBIR report, ransomware attacks are present in 44% of data breaches globally, with ransom payments totaling approximately US$115 million. The study, which analyzed regional data from cybersecurity organizations such as SISAP, identified 1,476 incidents linked to human error. Of these, 1,449 resulted in data exposure, with 98% attributed to internal personnel. This demonstrates that while investment in technology is necessary, it is not enough: human error remains a critical factor for Guatemalan organizations.
Human risk management: a comprehensive approach
The technology acquired is not enough to protect an organization; although investment in hardware and software is important, there is a latent risk that is rarely considered within a cybersecurity strategy: human risk.
Human risk management is evolving; it's no longer just about active awareness and controlled testing for users. It's a comprehensive approach that manages risks arising from human behavior, decisions, and interactions. Humans must be recognized as a potential vulnerability in the cybersecurity context, extending to operational and, of course, strategic risks.
Beyond awareness, human risk management requires a comprehensive approach that includes:
· Clear policies and procedures known to all employees
· Promoting individual responsibility in cybersecurity
· Monitoring of unusual and potentially dangerous behaviors
· Access control to resources according to the necessary level of permissions and privileges
· Ongoing training
Implementing a cybersecurity culture focused on human risk presents significant challenges for organizations. These include a lack of resources for ongoing programs; resistance to change when receiving new cybersecurity guidelines; external threats depending on the organization's business sector, which can make them a more attractive target for cybercriminals; and, most importantly, a lack of management commitment, which limits employee adoption of security measures.
Senior executives, due to their access to sensitive information, require more specialized training that includes strategic decision management, knowledge of incident response plans, and their role in internal and external communication during a data breach. Only with active leadership from management is it possible to consolidate a robust cybersecurity strategy.
“One premise is certain: strengthening the human factor can significantly reduce exposure to cyberattacks and protect the organization’s most valuable data and assets.” “Management commitment makes all the difference by fostering a strong and constantly evolving cybersecurity culture. This maturity not only builds trust with partners and customers, but also becomes a competitive advantage that accelerates the achievement of strategic goals and the organization’s sustainable growth,” stated Ingrid Delgado, Customer Education and Awareness Manager at SISAP.
###
About SISAP
SISAP, Sistemas Aplicativos SA, is a company founded in 1985, a leader in the Information Technology and Security market with a presence in 11 countries in the region. It has a broad portfolio of services and solutions focused on information security, with over 1,000 certifications that attest to the quality of service it provides to its clients.
With over 40 years of experience, they are the leading provider of security solutions and services to clients in Latin America. Their team comprises more than 400 employees (60% of whom are engineers), forensic laboratories, a cybersecurity academy, over 100 partner brands, and various regional offices located in Guatemala, El Salvador, Honduras, Nicaragua, Costa Rica, Panama, the Dominican Republic, Colombia, Paraguay, Mexico, and the United States. For more information, visit www.sisap.com
Press contact
Gaby Aguirre | gaby@prevolucion.com | 33843011


