From reactive to proactive cybersecurity: 15 years of OAS/CICTE’s support to national strategies / policies in Latin America and the Caribbean

Over the past 15 years, the Cybersecurity Section of the Inter-American Committee Against Terrorism (CICTE) at the Organization of American States (OAS) has significantly contributed to strengthening cybersecurity across the Americas. Through direct support and technical guidance, OAS/CICTE has actively assisted member states in the formulation, updating, and implementation of their National Cybersecurity Strategies (NCS).

Emphasizing a multi-stakeholder, risk-based approach aligned with international standards, the OAS/CICTE has facilitated inclusive participatory processes, encompassing technical diagnostics, multisectoral workshops, public consultations, and specialized publications. During these 15 years, 34 strategy/policy formulation processes have been undertaken across 21 countries in the Americas, with the Cybersecurity Section of OAS/CICTE actively supporting 21 of these processes in 16 countries.

Since 2011, Latin America and the Caribbean have progressed through three distinct generations of cybersecurity policies. The first generation (2011-2015), policies were predominantly reactive, focusing mainly on technical responses to cyber incidents and limited stakeholder involvement. The second generation (2016-2020) transitioned towards proactive, multidimensional strategies emphasizing risk management, institutional strengthening, international cooperation, multisectoral collaboration, national defense, economic and social prosperity, and intermediate levels of maturity. Currently, the third generation (2021-2025) is characterized by human-centered policies fostering digital trust, resilience, governance framework revision, cyber diplomacy, research and development, financing involvement from diverse stakeholders, and recently integrating gender perspectives.

Comparative analysis of recent strategies from Colombia (2025), Paraguay (2025), Uruguay (2024), Costa Rica (2023), Chile (2023), Argentina (2023) and Barbados (2023) reveals significant commonalities, including comprehensive governance structures, cyber resilience enhancement, critical infrastructure protection, workforce development, and international cooperation frameworks. These strategies commonly underscore the importance of incorporating multi-stakeholder engagement and robust legal and regulatory frameworks as foundational elements. Notably, countries increasingly prioritize educational and awareness campaigns to build a cybersecurity-conscious culture across all sectors of society.

However, distinct national contexts and priorities yield unique approaches. For instance, Costa Rica places significant emphasis on human rights protections and inclusivity. Chile highlights the protection of vulnerable demographic groups, particularly women and children, in the digital sphere. Barbados explicitly integrates cybersecurity within its broader digital transformation strategy and economic development goals. Uruguay demonstrates substantial multi-sectoral participation and a robust, collaborative governance model, emphasizing innovation and digital sovereignty. Colombia and Paraguay notably prioritize technological innovation and adaptability to emerging threats. Argentina’s strategy distinctly emphasizes international cooperation and the importance of harmonizing national cybersecurity policies with global norms and standards.

Looking forward, member states face critical challenges and opportunities associated with the rapidly evolving technological landscape. The accelerated adoption of emerging technologies, such as Artificial Intelligence, Quantum Computing, and the Internet of Things (IoT), introduces significant cybersecurity risks but also offers opportunities to strengthen national cybersecurity capabilities through innovation and advanced security solutions. Policymakers must address challenges such as workforce skill gaps, infrastructure vulnerabilities, regulatory compliance, data privacy concerns, and increased sophistication of cyber threats.

To navigate these complexities effectively, countries should prioritize cybersecurity within national public agendas, ensuring strategic integration with broader digital governance frameworks, including AI ethics, data governance, infrastructure resilience, and innovation policies. International policy recommendations advocate for robust interagency coordination, transparent governance mechanisms, continuous stakeholder engagement, proactive risk management, ongoing investment in research and education, and fostering public-private partnerships. By aligning cybersecurity strategies with evolving global standards and best practices, countries in the region can enhance their digital resilience, secure sustainable development, and promote economic and social prosperity.

 Authors: Kerry-Ann Barrett, Cybersecurity Section Chief, OAS/CICTE and Orlando Garcés, Cybersecurity Policy Officer, OAS/CICTE. More information: OAS/CICTE Cyber publications.