Latin America and the Caribbean make up 6% of global GDP across more than thirty countries, ranging from highly developed to emerging markets. Cyber exposure is meanwhile rapidly increasing among organisations across the continent. Internet penetration in Latin America is above global averages (at 75%, compared to 65%)[1].
A particular feature of the regional economy is the preponderance of small and medium enterprises, necessitating resilience building above the enterprise level. Experienced risk carriers from outside the region can provide risk mitigation advice and support through their networks, but the maturing economies of the region need to act quickly to prevent breaches.
Sophisticated cyber threats require a sophisticated risk management strategy
‘Booming growth’ (to use a phrase from a recent Deloitte report) across the continent is increasingly attracting advanced cybercriminal enterprise.[2] Cyber exposures total 1% of GDP; if critical infrastructure is included, that figure rises to 6%.[3]
Phishing and ransomware attacks are currently the greatest threats, with ransomware-type digital crime making up 79% of cyber events in Latin America versus 53% globally.[4] While we have seen a marked improvement over the past three years in internal measures taken to mitigate these risks, more systemic approaches are required.
Efforts to create robust legislative responses have been fragmented at best. Data transfer policies, in particular, require standardisation in order to better protect cross-border enterprises. This will ensure their continued safety and must be a priority.
Reactive-only responses to cyber threats are no longer sufficient; a recent attack in Costa Rica shut down no fewer than 27 separate government agencies. We need to improve risk assessments, training and malware awareness among staff as well as create effective post-event strategies.
Resilience through collaboration
Regional digital economic leaders such as Mexico, Brazil, Argentina and Colombia present a level of private market maturity. Elsewhere, a number of public sector entities are relying on third-party expertise to build out their resilience.
From a cyber insurance perspective, Latin America presents an opportunity to combine local and external capacity and expertise, fuelling the extraordinary economic rise of the region in the digital age. Experienced insurers from outside the region can contribute to building cyber resilience by facilitating collaboration.
Building cyber awareness across organisations
A recent CISO Conference organized in the region is a step in the right direction, and we are prepared as insurers to support these efforts through our networks, in collaboration with brokers and risk managers. Cyber security needs to be given the priority it deserves. As insurers, we are ready to support with our knowledge, but the ball is, ultimately, in the region’s increasingly mature court.
[1] Internet penetration in Latin America & Caribbean by region 2023 | Statista
[2] https://www2.deloitte.com/uk/en/insights/economy/americas/latin-america-economic-outlook.html
[3] Banco Interamericano de Desarrollo (BID) y Organización de los Estados Americanos (OEA). 2020. “Ciberseguridad: Riesgos, Avances y el Camino a Seguir en América Latina y el Caribe”. (24 January 2023)