A Cyber Wall for the Caribbean

With EU support under Global Gateway and the EU-LAC (Latin America & Caribbean) Digital Alliance and EL PACCTO, the updated CARICOM Cybercrime and Cybersecurity Action Plan (CCSCAP) 2025 was launched in Port  of Spain, Trinidad and Tobago last Friday 31^st October. The new action plan is the strategic framework designed to safeguard the Caribbean region’s accelerating digital transformation, protecting citizens and businesses.

Data published by the World Bank and the Cybersecurity Economics for Emerging Markets report (2024) shows that LAC's rapid post-pandemic digitalization is outpacing the region’s cybersecurity capacity. Latin America and the Caribbean is the world’s fastest-growing region for disclosed cyber incidents, with a 25% average annual growth rate in the last decade, and it is also the least protected region, with an average cybersecurity score of 10.2 out of 20. The annual cost of cyberattacks in LAC could exceed $90 million by 2025, with an average of more than 18.5 million attacks per year according to the LATAM CISO Report 2024 developed by Duke University.

The Caribbean in particular faces a surge in ransomware attacks, phishing, and other crimes, often carried out by organized crime groups using cryptocurrencies to fund their activities. This has led to substantial financial losses, operational downtime, and damage to reputations for businesses and governments across the Caribbean. According to the Global Cybersecurity Index of ITU, which goes from Tier 1 (best) to Tier 5 (worst) only Cuba, Dominican Republic, Jamaica and Trinidad and Tobago are ranked in Tier 3. The rest of the Caribbean region is ranked in Tier 4 or Tier 5.

The launch of the CCSCAP 2025 has been led by the CARICOM Implementation Agency for Crime and Security (IMPACS) in collaboration with the EU-LAC Digital Alliance’s cybersecurity workstream. It will be implemented by Expertise France (EF) and EL PACCTO 2.0, the EU Programme with LAC against Transnational Organised Crime, which is led by Fundación para la Internacionalización de las Administraciones Públicas (FIAP) and provides technical assistance in strengthening cybercrime research models and institutional capacity building.

The initiative forms part of Global Gateway’s broader vision to promote secure, inclusive and sustainable digital investments, ensuring that technology strengthens trust, protects citizens, and supports fair growth across both regions. The Ambassador of the European Union to Trinidad and Tobago, Cécile Tassin, celebrated the official launch of the CCSCAP, calling it a pivotal moment for collective digital security and resilience across the Caribbean Region.

The launch of the CCSCAP is a milestone that embodies collaboration, innovation and collective security in the digital age.

Cécile Tassin

EU Ambassador to T&T

Ambassador Tassin confirmed the EU’s intention to deepen its support in the Caribbean through various frameworks, including the Global Gateway Investment Agenda for LAC and the EU-LAC Digital Alliance. She also noted that ongoing technical assistance is being provided through the Latin America and Caribbean Cyber Competence Centre (LAC4), an EU-funded hub for cyber capacity-building and knowledge-exchange that aligns closely with the CCSCAP’s capacity-building goals.

Paradise for hackers?

The reality gives sense to the figures. In 2022, Costa Rica was breached by a large-scale attack linked to the ransomware group Conti. The attackers extracted hundreds of thousands of gigabytes of information about Costa Rica’s citizens and encrypted the digital systems of various public ministries. For various months, Costa Rica’s public administration had issues in collecting taxes, processing payments or performing other public services for the citizenship.  

The ransomware group asked for a large ransom, $10 million, in exchange halting the attack and not publishing the stolen data, which Costa Rica refused to pay until a coalition of European and US stakeholders intervened to help repel the attack. 

Colombia also suffered a series of impactful ransomware attacks in 2022, which affected the State’s public utilities company, Empresas Públicas de Medellín (EPM) and private sector healthcare providers, strongly affecting their capacity to give care and that of patients to keep control of their own healthcare data. Brazil’s court system also suffered 13 consecutive attacks between 2020 and 2022 . These are just few of the many examples of cyber incidents that are increasingly affecting the region.

LAC and the Caribbean in particular are paying a high price for their high cyber-vulnerability.

From cyber-security to cyber-resilience 

The revised CCSCAP reflects CARICOM’s commitment to a future-proof approach to cyber-resilience. It not only aims to close existing implementation gaps but also adopts a forward-looking stance on emerging technologies, establishing continuous monitoring and evaluation processes to help Caribbean countries remain responsive to cyber trends. It means a shift from traditional cyber security measures to a comprehensive strategy focused on cyber resilience.

The new CCSCAP focuses on six core pillars designed to create a resilient and trustworthy digital ecosystem:

1. Public Awareness, Education, and Advocacy 

2. Capability Development and Capacity Building 

3. Technical Standards and Infrastructure 

4. Policy, Institutional, and Regulatory Frameworks 

5. Cyber Incident Management 

6. Regional and International Cooperation 

The new CCSCAP 2025 reaffirms CARICOM’s commitment to protecting citizens, institutions, and economies in the digital age. By combining shared governance, harmonized legislation, and collective operational capacity, the updated plan marks a major step forward in ensuring that the Caribbean remains resilient, connected, and secure against evolving cyber threats.

LAC4 and triangular cooperation: Fighting Cyber-threats with excellence

The CCSCAP’s six core pillars will be supported by the LAC4 Centre. Funded by the European Union, the Latin America and Caribbean Cyber Competence Centre LAC4 was set up in Santo Domingo (Dominican Republic) in 2022 as regional hub for cybersecurity education and training in the region.

Through the EU CyberNet Expert Pool, LAC4 provides cybersecurity and cybercrime expertise to support LAC digital transformation and collaboration to counter cyber threats.

The Dominican Republic, Jamaica and Trinidad & Tobago also form part of the triangular cooperation cybersecurity project “Strengthening and Developing Capacities in Latin America and the Caribbean in the Field of Cybersecurity”, funded by the EU and implemented by Chile. The project aims at increasing the cyber resilience of public institutions, civil society and academia in LAC through the exchange of best practices, regulatory workshops and the development of a regional cybersecurity framework law.

EU-LAC Digital Alliance, EL PACcTO 2.0 and Global Gateway

The EU-LAC Digital Alliance, a flagship Global Gateway Initiative, is an informal, values-based framework for cooperation, open to all LAC countries and EU Member States who may participate through their respective governments and agencies related to the digital agenda. It is also a Team Europe Initiative (TEI) and an EU-funded Regional Programme for LAC. It is supported by Global Gateway, the EU's positive offer to reduce the worldwide investment disparity and boost smart, clean and secure connections in digital, energy and transport sectors, and to strengthen health, education and research systems.

The Global Gateway strategy embodies a Team Europe approach that brings together the European Union, EU Member States and European development finance institutions. Together, it aims to mobilise up to €300 billion in public and private investments from 2021 to 2027 and create essential links rather than dependencies and close the global investment gap.

The European Commission programme EL PACCTO 2.0 enhances cooperation in the areas of justice and security to tackle transnational organised crime, fostering strategic partnerships between LAC and Europe. As part of its efforts, EL PACCTO 2.0 has established a specialised workstream dedicated to combating cybercrime. This initiative focuses on analysing emerging trends and technological tools, advocating for international legal harmonisation, identifying critical threats such as ransomware and cyber-enabled money laundering, promoting cross-border institutional collaboration, and providing targeted training for judges, prosecutors, and law enforcement personnel to improve their capacity to detect and respond to cyber threats effectively.

Background

Read more EU-LAC Digital Alliance stories:

• Europe and Latin America & the Caribbean together in the Digital race

• EU-LAC Digital Alliance: leading human-centric Artificial Intelligence

• The EU-LAC Digital Alliance meets in Estonia to gear up eGovernance

• Women ready to lead the digital transformation in Latin America & the Caribbean

• Innovation meets business where Latin America and the Caribbean meet Europe

• EU-LAC Digital Alliance partners promote digital citizen engagement in Central America

• Digital is the path to growth in Latin America & the Caribbean

• Helping businesses move faster in Latin America & the Caribbean

• The EU and its Latin American & Caribbean partners leverage the responsible use of data

• Seeing through the clouds in Central America with Copernicus satellites

• EU-LAC Digital Alliance brings eGovernance to citizens and business

• Exploring the potential of Artificial Intelligence with Latin America & the Caribbean

• Europe and Latin America & the Caribbean step up cooperation on cybersecurity

• Takeaways of the EU LAC Digital Policy Dialogues

• Global Gateway EU on LinkedIN

• EU-LAC Digital Alliance