WASHINGTON, D.C., APRIL 26, 2024 – The growing threat of ransomware attacks to the Latin American cybersecurity landscape is exacerbated by the lack of robust policies and regulations in place to prevent and respond to cybersecurity incidents, according to a new report released today by the Digi Americas Alliance, written in collaboration with Duke University. The report, titled "Cyber Readiness in Latin American Public Sectors: Lessons from the Frontline,'' sheds light on the pressing challenges faced by the region, particularly in safeguarding critical infrastructure from cyberattacks like ransomware. The report examines recent events in Colombia, Costa Rica, Chile, and Panama to gauge the effectiveness of their response tactics and respective national cyber policies. The analysis focuses on approaches governments in the region can take to help organizations in their countries mitigate cybersecurity risk.

The report highlights that currently “only seven of the 32 Latin American countries have plans in place to protect critical infrastructure from cyber-attacks, and only twenty have Computer Emergency Response Teams (CSIRTS).” Despite this lack of preparation, a notable finding from the report shows promise for growth with “94% of [survey] respondents at least somewhat agreeing that implementing a risk management framework can enhance their organization’s resilience against cyber threats such as ransomware.”

“Our research findings demonstrate that despite grappling with limited resources, countries in Latin America are showing significant attack resilience and beginning to implement promising cybersecurity capabilities,” noted Belisario Contreras, coordinator of the Digi Americas Alliance. David Hoffman, Professor at Duke University added that “the report illustrates that countries in the region face similar challenges related to incident response and workforce development, which we underscore as an opportunity for coordinated security advancement.”

The report offers a comprehensive analysis of current cybersecurity practices, identifies bottlenecks in incident response, and proposes effective measures to bolster cyber defenses in Latin America. Recommendations include:

  • Bolstering investment in workforce development to address the significant shortage of trained IT professionals.
  • Establishing voluntary risk management frameworks to guide organizations in enhancing their cybersecurity posture.
  • Investing in cybersecurity infrastructure and technologies, such as cloud-based solutions, to mitigate ransomware risks.
  • Establishing centralized cybersecurity management and reporting systems to facilitate effective incident response.

The rapid digitization in Latin America has outpaced the development of effective cybersecurity measures, leaving initiatives and policies in the early stages of development. The Digi America's Alliance hopes that by elaborating on the current challenges that remain in addressing ransomware threats, it will encourage renewed investment and collaboration on cybersecurity initiatives throughout Latin America.

About the Digi Americas Alliance:

The Digi Americas Alliance is a multi-stakeholder and interdisciplinary network of organizations dedicated to shaping digital policy and addressing technical issues throughout the Americas.

To read the full report in Spanish please click here.

Read Next

Cyber Leaders Discuss a Common AI and Cyber Vision in LATAM

Industry, government, and civil society stakeholders from across Latin America, the EU, and U.S. convened in Colombia last month for a roundtable discussion "Towards a Common AI and Cyber Vision in LATAM," hosted by the Digi Americas Alliance.

Building Digital Solidarity: The New International Cyberspace and Digital Policy Strategy

U.S. State Department releases International Cyberspace & Digital Policy Strategy, building off the U.S. National Cybersecurity Strategy.

Event Recap - Advancing Risk Management: Cybersecurity, Privacy and AI

The CCPL hosted a half-day event during the RSA Conference in San Francisco featuring speakers from the NIST and the NCCoE to talk about the Cybersecurity, Privacy, and AI risk management frameworks.