Cybersecurity poses a profound challenge in terms of public policies that strengthen economic growth in the region and reduce threats from malicious attacks.
By Andrea Ochoa Restrepo
In recent years there has been a significant increase in cyberattacks in the region, due to the growth of connectivity and increased dependence on technology.
Faced with this, it has become increasingly necessary to regulate public policies and the economy, since the implementation of these new technologies has generated greater importance for protecting systems, data and digital assets against cyberattacks and cyber threats, which ends up generating an effect on the Gross Domestic Product (GDP) since costs can decrease productivity and investment in the business sector. For example.
In relation to the above, it is relevant to recognize that science, technology and innovation are aimed at making visible solutions for urban security in the city, the region and the country; Especially in four verticals: cybersecurity, technology for security, data processing and artificial intelligence, and applied innovation.
The size of the cybersecurity market exceeded US$150 billion in 2019 and is poised to grow at more than 15% CAGR in 2020 and 2026.
Regarding the level of investment, the International Development Bank (IDB), in partnership with the Organization of American States (OAS), said that "Latin American and Caribbean countries must invest more in cybersecurity, especially because, of the 32 countries investigated, 16 of them do not have the capacity to respond or adequately coordinate to invasions." Only four countries reached the intermediate level of development in this regard.
Likewise, a study conducted by the University of Oxford, in collaboration with the government of Estonia, a leading country in digitalization, found that, at the beginning of 2020, only 12 countries in the region had approved a national cybersecurity strategy. Some countries have developed specific legal frameworks and regulations to address cybersecurity challenges, while others are under development or have more limited regulations in this area.
Some countries are already making progress in regulations
In the case of Brazil, for example, it has a Cybersecurity Law (Law No. 13,709) that establishes rules on the processing of personal data and the protection of privacy. There are also initiatives such as the National Cybersecurity Plan and the Civil Internet Framework, which include provisions related to online security.
On the other hand, Mexico enacted the Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de Particulares), which establishes the principles and requirements for the processing of personal data. In addition, the country has created the National Cybersecurity Strategy and established the National Cyber Incident Response Center (CERT-MX).
Along the same lines, Colombia approved the Personal Data Protection Law (Law 1581 of 2012), which regulates the processing of personal data and establishes obligations for organizations that process this information. The National Cybersecurity Agency (ANC) has also been established, responsible for coordinating and promoting cybersecurity in the country.
For Chile, the Personal Data Protection Law (Law No. 19,628) was created, which regulates the protection of personal data and privacy. In addition, the country has established the Joint Cyber Defense Command, responsible for coordination and response to cyber incidents.
Cybersecurity, the key to citizen security
The above panorama shows that cybersecurity is a key piece in citizen security in the digital age. Today, when critical infrastructures are increasingly dependent on technology and connectivity, it is essential to ensure that they are protected against cyberattacks that could have serious consequences for the security and well-being of citizens.
According to Chuck Davis, vice president of Global Information Security Hikvision, "citizen security also means protecting citizens' personal data. Cyberattacks can compromise personal information, which can lead to phishing and other forms of abuse. Strong security measures such as data encryption and compliance with privacy regulations need to be implemented to protect citizens' personal information."
This also involves educating citizens on online security best practices. Promoting awareness of cyber risks, such as phishing, malware and online scams, can help prevent citizens from falling into cyber traps and becoming victims of cybercriminals, Chuck Davis said during the Colombia World Security Summit 2023 event held in the city of Medellín last May 2023.
It is worth noting that during the event mentioned above and according to information provided by Saul Kattan, Colombian businessman expert in business crisis, Economist from the University of Los Andes in Colombia and financial researcher with experience in strategic planning; by Omar Nuñez, LATAM OTCI Business Development Manager at Fortinet, and Pedro Janices, Director of Cybercrime Investigations at the Ministry of Security of the Argentine Republic, attackers attempt to obtain personal or financial information by tricking people into revealing their sensitive data, often through fake emails or websites.
In the case of ransomware, it is malware that blocks access to systems or encrypts a victim's files and then demands a ransom to restore access. On the Malware side it refers to malicious software designed to infiltrate computer systems without the owner's consent and cause damage or collect information. Attackers overwhelm a server or network with a large number of requests, causing the system to crash and affecting the availability of services.
Cybersecurity organizations, such as governments and security firms, often collect data on incidents, but this is not always publicly available or consistent.
Artificial Intelligence (AI): friend or foe?
AI can analyze large volumes of data in real time to identify patterns and anomalies that may indicate malicious activity. AI-based intrusion detection systems can learn from the normal behavior of a network or system and detect suspicious deviations that could indicate an attack.
Additionally, AI systems can be used to verify the identity of users by analyzing behavioral patterns, such as the way they type, their voice or their browsing style. This helps prevent unauthorized access and detect fraud attempts.
From another point, AI can continuously assess an organization's security state, identify vulnerabilities, and assess the risk associated with different scenarios. This helps organizations prioritize their security efforts and make informed decisions about necessary protective measures.
Faced with the incorporation of artificial intelligence in Latin America, Chuck Davis argued: "The impact has been very positive. The prediction is that by 2025 90% of online content will be generated by this tool."
For Colombia, Saúl Kattan stressed that with "Artificial Intelligence the world is going to change, it has already changed, as it did 30 years ago when the internet arrived. There are many topics to do through Artificial Intelligence to improve production, education or health. Many issues of importance to the country can be leveraged."
Impact on GDP
The impact of cybersecurity on Gross Domestic Product (GDP) can be significant, both globally and in specific economies such as Latin America. Cyberattacks can cause direct financial damage to organizations, such as lost revenue, disruption of operations, recovery costs and repair of compromised systems, among others. These costs can negatively impact GDP by decreasing productivity and investment in the business sector.
Highlight 3: The economic damage of cyberattacks could exceed 1% of the Gross Domestic Product in some countries of the region and rises to 6% when it comes to cyberattacks on critical infrastructures.
According to data from the Inter-American Development Bank, only 7 of 32 countries analyzed in a study had a plan to protect their critical infrastructure, and 20 had Computer Emergency Response Teams (known as CERT or CSIRT).
Another impact to keep in mind is that cyber incidents can affect the trust of consumers and business partners, which can lead to a decline in online transactions, technology adoption and participation in the digital economy.
In addition, a lack of confidence in cybersecurity can deter innovation and the development of new businesses. The high risks associated with cyberattacks can limit investment and adoption of emerging technologies, affecting economic growth and contribution to GDP.
The correlation between the size of economies and their level of digitalization, with the number of cyberattacks is increasingly evident, for example, Brazil receives more than half of cyberattacks, followed by Mexico (23%), Colombia (8%) and Peru (6%).