Media Center

Press Release

Colombia, OAS and IDB Launch First National Study on Digital Threats

  October 2, 2017

Most of Colombia's private and public organizations interviewed believe they are prepared to respond to a cyber-attack, but need to continue investing in digital security in order to respond to the challenges posed by cybercrime in the 21st century.

This is one of the main conclusions of the report "Impact of digital security incidents in Colombia 2017," a collaborative initiative between the Organization of American States (OAS), the Ministry of Information Technologies and Communications of Colombia (MINTIC) and the Inter-American Development Bank (IDB), which was presented today at OAS Headquarters in Washington, DC.

Colombia is the first country in Latin America to study the impact of digital threats in different productive sectors of the country.

The Report highlights that companies dedicate few resources to digital security, despite the fact that 65 percent of private organizations have between 81 - 100 percent of their workforce connected to the Internet.

As for the size of the organizations, 70 percent of large companies feel they are prepared to handle a digital incident, compared to 45 percent of micro-enterprises.

While 70 percent of micro-enterprises and 60 percent of small enterprises did not detect digital incidents in 2016, 51 percent of medium-sized enterprises and 63 percent of large enterprises detected such incidents. The study also revealed that at the national level there is a greater degree of confidence in the level of preparedness than at the local level, and recommends developing public policy initiatives focused at the departmental and municipal levels.

In total, 1098 organizations were interviewed for the study; 515 private companies and 583 public sector entities. The report analyzes the level of preparedness and response to cyber challenges in different areas of Colombia's private and public sector. It also provides data on the costs of digital incidents related to intellectual property, among other issues.

The Secretary for Multidimensional Security of the OAS, Claudia Paz and Paz, highlighted the innovative nature of the publication and, especially, the fact that it quantifies the impact of cyber incidents in a country of the region. She went on to state that “At the OAS, we believe that any plan to address security threats should benefit from strategic planning and informed data. That is why we are confident that the data presented in this report will be of tangible value to the Government of Colombia and the region."

Meanwhile, the Director of Digital Transformation of the MINTIC, Juanita Rodríguez, stated that in accordance to the main conclusions of the Report, measures are being taken in the Colombian Government to improve their capacity, such as the creation of the Cybersecurity Incident Response Team (CSIRT) and the accelerated development of a digital security risk management model.

However Rodríguez invited leaders of both public and private organizations in Colombia to review in detail the digital security measures implemented to date and the level of digital security investment. The Director continued by stating that "the National Government of Colombia is convinced that the management of digital security risks is a fundamental requirement for the processes of digitalization and digital transformation of the country.”

Meanwhile, Ana María Rodríguez, Manager of the Institutions for Development Department of the IDB, said that "the study illustrates, with abundant and valuable data, some weaknesses of the Colombian cyberspace, which should encourage them to double-up efforts through policies and initiatives that incorporate all the relevant actors, particularly the private sector."

Other information in the report:

  • 33 percent of public entities at the national level, and 10 and 17 percent at the municipal and departmental level (respectively), have an area specifically dedicated to digital security.
  • Public entities allocated approximately 0.05% of their investments to digital security in 2016.
  • Malware and Phishing are the most common types of attacks.
  • 79 percent of companies and 85 percent of public entities ensure that they do not estimate the cost of digital incidents.
  • About 10 percent of companies reported costs related to the loss of intellectual property over 325 million Colombian pesos (USD $ 110,600).

Reference: E-073/17