From Fiction to Reality: How Latin America became the world's most critical cyber battleground

This page in:
A man working with a laptop Photo: Pixabay

“The street finds its own uses for things,” wrote science fiction author and coiner of the term “cyberspace” William Gibson in his 1982 story Burning Chrome. At a time when computer networks were primarily used for military and research purposes, Gibson’s imagination introduced hackers Bobby and Jack— two young men trying to impress a girl named Rikki by hacking into a security system to steal a fortune from the notorious criminal, Chrome. What once appeared as pure fiction has, four decades later, become a sobering reality: with 67% of the world’s population connected to the internet, including countless malicious versions of Bobby and Jack, Gibson's fantasy has taken on new meaning, particularly in Latin America and the Caribbean (LAC).

The recently published Cybersecurity Economics for Emerging Markets report highlights how LAC's rapid post-pandemic digitalization has outpaced the region’s cybersecurity capacity. By 2024, Latin America and the Caribbean is the world’s fastest-growing region for disclosed cyber incidents, with a 25% average annual growth rate in the last decade, and it is also the least protected region, with an average cybersecurity score of 10.2 out of 20 (Figure 1 and Figure 2).

 

Figure 1:  Effects of LAC’s Digitalization

 

The World Bank
 
 
 
Source: Cybersecurity Economics for Emerging Markets (2024). 
Note: Internet usage corresponds to the share of population using the internet, which in LAC went from 68% to 81% between 2019 and 2023 according to ITU. The graph on scores in cybersecurity commitments per region are based on data from the ITU’s Global Cybersecurity Index (2024)
 

Figure 2: Cybersecurity Gaps in LAC 

 
 
The World Bank

 

Source: Cybersecurity Economics for Emerging Markets (2024). 

Cyberattacks in the Spotlight 

In the era of Burning Chrome, Bobby and Jack sought fortune in the shadows of cyberspace. Today, however, hackers have evolved beyond just aiming for financial gains, especially in developing countries, where 59% of cyber incidents are politically driven. 

LAC has seen this shift to “hybrid” incidents firsthand: a ransomware attack to government institutions that caused economic losses of about 2.4% of GDP (Costa Rica, 2022), massive data breaches to public agencies that exposed confidential records of nearly every citizen (Ecuador, 2019; Argentina, 2022), a malware attack that provoked the shutdown of all public bank branches (Chile, 2020), a cyber incident that prevented citizens abroad from casting their votes during the presidential election (Ecuador, 2023), and more. 

 

Figure 3: Distribution of disclosed cyber incidents by sectors, 2013-2024

The World Bank

Source: Cybersecurity Economics for Emerging Markets (2024). World Bank.

 

 

As shown in Figure 3, public administration and finance are the two most targeted sectors across LAC. However, the specific targets and motives behind these incidents vary significantly, closely mirroring each country’s unique challenges. For example, nowhere is the political dimension more pronounced than in Venezuela, with 73% of incidents being politically motivated. In contrast, less than 15% of Argentina’s cyber incidents have a political motive. Yet, despite differing motivations, both countries experience above-average exposure and below-average protection levels, placing them and other LAC countries within a "priority zone" for cybersecurity investments (Figure 4). 

 

Figure 4: Countries' Relative Cybersecurity Risk Assessment, 2024

The World Bank

 Source: Cybersecurity Economics for Emerging Markets (2024).

 

Turning Challenges into Opportunities

Investing in cybersecurity matters. Our new book shows that between 2014 and 2023 cyber incidents increased by a factor of 3.1 in countries with weak national cybersecurity and by a factor of 2 in those with stronger cybersecurity.

Moreover, investing in cybersecurity could have positive effects on the economy. If a developing country enhances its cyber protections and reduces major cyber incidents from the highest to the lowest quartile (about 50 to 7 major cyber incidents), it could achieve a GDP per capita increase of around 1.5%. This impact is especially pronounced in highly digitalized industries, which tend to perform better in countries with robust cybersecurity measures, all else equal. 

Additionally, with a global workforce gap of over 4 million and the cybersecurity industry projected to grow by 14% from 2023 to 2024, nearly twice the growth rate of the IT sector and four times that of the global economy, significant potential exists for job creation through targeted investments in cybersecurity education and training.

However, achieving these gains requires more than just throwing money at the problem; it requires efficient approaches such as:

    1. Prioritizing Targets Through Risk Identification: by leveraging open data, new research reveals the likelihood of institutions being targeted by cyberattacks (Harry et al., 2023). This insight can help prioritize investments across sectors. For instance, the graph below displays U.S. counties color-coded from green to red, indicating the likelihood of attack scenarios within their infrastructures.

 

Figure 5: Map of U.S. County Government Vulnerability to Attack Scenarios

The World Bank

Source: Harry et al (2023).

    2. Fostering Market Solutions: North America holds over 50% of the global cybersecurity market, with a demand 16 times greater than all LAC countries combined, leading to solutions primarily designed for high-income contexts. To address this, LAC must drive market demand through cybersecurity public awareness and support the regional industry

    3. Encouraging Corporate Investment: high-income countries, like the U.S., are promoting the disclosure of cyber incidents to enhance corporate cybersecurity. Although there are concerns about a negative impact on the victims, recent research suggests that disclosing cyber incidents in a timely manner may actually signal responsibility and boost investor confidence (Gordon et al., 2024)

    4. Promoting the adoption of a rational economic framework to guide private sector stakeholders in making informed investment decisions to mitigate cyber risks.

In a rapidly evolving tech landscape, the region’s journey from vulnerability to resilience is ongoing. With strategic investments, it can turn cybersecurity challenges into a base for sustainable growth.

The attack on Chrome is a success, but neither of the boys wins over Rikki. At the end, they come to terms with the need to leave their piracy behind and seek a different source of income. A reminder that true resilience comes from adapting to change.

 

Subscribe and receive a weekly article


Hualong Diao

Economist - Consultant - World Bank

Join the Conversation

The content of this field is kept private and will not be shown publicly
Remaining characters: 1000