New IDB–OAS Cybersecurity Report Warns of Persistent Gaps in LAC Region

A new regional assessment reveals that Latin America and the Caribbean (LAC) have strengthened their cybersecurity capacity over the past five years, yet critical vulnerabilities remain due to shortages in resources, workforce development, and cross-sector coordination. The findings come from the 2025 Cybersecurity Report, released by the Inter-American Development Bank (IDB) and the Organization of American States (OAS), in collaboration with the Global Cyber Security Capacity Centre of the University of Oxford.

Covering 30 countries, this is the region’s most comprehensive cybersecurity maturity analysis to date, benchmarking national capabilities using Oxford’s Cybersecurity Capacity Maturity Model for Nations (CMM).

Steady Progress Across All Five Cybersecurity Dimensions

The report demonstrates regional improvement from 2020 to 2025 across all five CMM pillars:

• Cybersecurity policy and strategy

• Culture and society

• Education, training, and skills

• Legal and regulatory frameworks

• Technology and standards

The maturity gap between countries is narrowing, indicating more balanced development across the Hemisphere.

IDB’s Paula Acosta highlighted the stakes:

“The digital revolution is transforming economies and societies across Latin America and the Caribbean, but it also brings new risks.”

She emphasized the need to accelerate investment, improve operational capabilities, and strengthen cross-sector partnerships.

Persistent Vulnerabilities in Critical Areas

Despite progress, several domains remain underdeveloped:

• Weaknesses in software quality and secure development practices

• Limited protection for critical infrastructure

• Underdeveloped cybersecurity marketplaces

• Insufficient research and innovation ecosystems

• Low adoption of cyber insurance

• Lack of sustainable funding for cybersecurity agencies and CERTs

The report stresses that cybersecurity innovation across the region remains nascent, and governments must foster local capacities to reduce reliance on external providers.

AI Amplifying Risks and Exposing New Vulnerabilities

One of the most urgent findings concerns the adoption of artificial intelligence technologies, which are reshaping regional cyber threats:

• AI is enabling more advanced phishing and social engineering

• Automated tools can exploit vulnerabilities faster

• Misuse of generative AI is creating new governance and regulatory gaps

The report calls for updated cybersecurity standards, governance models, and technical capacity-building to address emerging AI-related risks.

Political Leadership and Public–Private Collaboration Are Key

Countries that integrate cybersecurity into national development agendas, promote public–private partnerships, and invest in workforce development show faster progress in closing maturity gaps.

OAS Secretary for Multidimensional Security Iván Marques emphasized:

“Cybersecurity is a collective responsibility… The OAS will continue to stand alongside countries so the Hemisphere advances together.”

A Decade-Long Effort to Strengthen Regional Cyber Resilience

The 2025 publication is the third edition of the IDB–OAS cybersecurity assessment (following 2016 and 2020). It is built on unique data collected from OAS member states and provides actionable recommendations for:

• government leaders

• private-sector executives

• civil society organizations

• academic and technical communities

The report underscores that while the region has a positive upward trajectory, accelerating cybersecurity maturity is crucial to protect economies, democratic institutions, and public services from ever-evolving digital threats.