Cybersecurity Maturity Improves in Latin America and Caribbean, IDB-OAS Report Finds

• The third edition of this joint report captures nearly a decade of evolution in the region's cybersecurity maturity.

WASHINGTON - Countries in Latin America and the Caribbean have made significant progress in strengthening their cybersecurity capacity, but persistent gaps in resources, workforce development, and cross-sector coordination continue to leave the region vulnerable to evolving digital threats, according to a new report by the Inter-American Development Bank (IDB) and the Organization of American States (OAS).

The study, "2025 Cybersecurity Report: Vulnerability and Maturity Challenges to Bridging the Gaps in Latin America and the Caribbean," developed in partnership with the Global Cyber Security Capacity Centre at the University of Oxford, provides the most comprehensive assessment to date of cybersecurity maturity across 30 countries in the region. The report benchmarks national capacities using the Cybersecurity Capacity Maturity Model for Nations (CMM), enabling comparisons over time and between countries.

Drawing on unique data collected from OAS member states, the analysis provides an evidence-based view of how countries have advanced from 2020 to 2025 and the remaining gaps in their cybersecurity capabilities. The assessment is structured around the five dimensions of the CMM, covering key areas for cybersecurity readiness: cybersecurity policy and strategy; culture and society; education, training, and skills; legal and regulatory frameworks; and technology and standards. It provides actionable recommendations for policymakers, private-sector leaders, and civil society.

"The digital revolution is transforming economies and societies across Latin America and the Caribbean, but it also brings new risks," said Paula Acosta, chief of the Institutional Capacity of State Division at the IDB. "This report shows that, while the region has made important progress and average results have improved across all assessed dimensions, there is a clear need to accelerate investment in cybersecurity, strengthen cross-sector collaboration, operational capabilities, and ensure that all countries are better equipped to manage the increasing cybersecurity risks."

Key findings include:

• Steady progress, narrowing gaps: Since the last assessment in 2020, the region has seen a general increase in cybersecurity maturity across all five CMM dimensions: policy and strategy, culture and society, knowledge and capabilities, legal and regulatory frameworks, and standards and technologies. The maturity gap between countries is narrowing, reflecting a more balanced development.
• Challenges to face: Despite progress, areas such as software quality, protection of critical infrastructure, and the cybersecurity marketplace remain less mature. Investment in cybersecurity research and innovation is still nascent, and cyber insurance adoption is limited.
• AI and emerging threats: The rapid adoption of artificial intelligence is reshaping the threat landscape, amplifying existing risks and introducing new vulnerabilities. The report underscores the urgent need for updated governance, standards, and capacity-building to address AI-related cybersecurity challenges.

The study highlights the importance of political leadership and absorptive capacity in advancing cybersecurity. Countries that integrate cybersecurity into broader development agendas and foster public-private partnerships are better positioned to respond to threats and close maturity gaps.

"This report shows a clear positive trajectory across the region, but it also makes clear that cybersecurity is a collective responsibility. Our longstanding partnership with the IDB and the Global Cyber Security Capacity Centre at Oxford reflects exactly this spirit-working together to give Member States the tools they need. The OAS will continue standing alongside countries, providing technical support and fostering cooperation, so that the Hemisphere advances together," said Iván Marques, OAS Secretary for Multidimensional Security.

The 2025 Cybersecurity Report is the result of a strategic collaboration between the OAS, IDB, and the Global Cyber Security Capacity Centre at the University of Oxford. It draws on unique data collected from OAS member states and provides actionable recommendations for policymakers, private sector leaders, and civil society. This is the third edition, the first study was launched in 2016, and then it was updated in 2020.

Download the full report here.