IMF-CEMLA Workshop on Cyber Resilience in Latin America and the Caribbean

The Directorate of Financial Market Infrastructures of CEMLA, in collaboration with the International Monetary Fund, orchestrated the II Workshop on Cyber Resilience in Latin America and the Caribbean. This virtual meeting took place on October 3, 2023, drawing participation from 110 representatives representing 28 CEMLA institutions and partners across 27 countries.

The pervasive impact of escalating digitalization, expanding interconnections, and the heightened frequency and sophistication of cyber incidents has significantly influenced the digital landscape. Consequently, ensuring operational and cyber resilience has become a pressing concern for financial sector regulators and supervisors.

This workshop served as a platform to deliberate on pivotal areas of focus moving forward. It aimed to guide regulators and the financial sector in fortifying their cybersecurity preparedness within an evolving landscape, facilitating discussions on strategies to enhance resilience.

The workshop comprised four sessions held throughout the day. Tamas Gaidosch led the first session, providing an insightful "Overview of the Cyber Threat Landscape and Potential Financial Stability Implications." Gaidosch notably highlighted the primary cybersecurity risks facing the global financial sector in 2023: supply chain attacks and data extortion, driven by a surge in critical vulnerabilities.

Following this, Rangachary Ravikumar took charge of the second session, delivering a talk titled "International Regulatory Developments on Cybersecurity." He discussed a model regulation developed through collaborative efforts across various organizations, aimed at establishing a robust framework of best practices applicable to diverse users.

The latter half of the workshop commenced with the third session—a panel discussion led by Alejandro de los Santos and Mara Misto Macías, titled "Cyber Incident Reporting, Response, and Recovery." Noteworthy points from this session included differentiating between a cyber-attack and a cyber incident, elucidating the reporting procedures for each, and presenting insights from a cybersecurity survey conducted across multiple institutions.

The final session was led by Rangachary Ravikumar and Tamas Gaidosch, presenting "A New Capacity Building Tool – Cyber Risk Supervision Toolkit." This comprehensive toolkit covers both information and communication technology (ICT) and cyber risk, addressing seven crucial aspects essential for establishing or enhancing relevant regulatory and supervisory practices.