Description
This paper presents and discusses the relation between cybersecurity and corporate governance in the context of Latin America and the Caribbean. It notes that progress has been made in improving corporate cybersecurity within the region mostly from a data protection perspective, either as a result of internally driven or regulatory motivated corporate initiatives, but that not enough headway has been made regarding the cyber risks affecting critical infrastructure and essential services in the hands of private or State-owned companies. The paper describes some of the best corporate governance practices and guidance for boards of directors to address cybersecurity issues, as well as a selection of the regulatory incentives that lawmakers and regulators are deploying to incentivize boards to adopt proper cyber risk management. Three case studies are presented as examples of these types of policy interventions in the region.