Threat of cyber crime impedes South American trade

South America boasts some of the world’s fastest growing economies and Internet adoption rates. Brazil, for example, has the world’s seventh largest economy and sixth largest population, with economic acceleration and technical growth second only to China. For international organizations wishing to expand into this growing market, opportunities abound, but there are also substantial difficulties.

TMF Group’s Global benchmark complexity index 2014 reports that “50% of the top 20 most complex countries [in which] to do business are in South America”, with Argentina, Brazil, and Bolivia ranked as the top three. While infrastructure is rapidly improving, Latin American countries’ pursuit of international business is widely hindered by bureaucracy, stringent government controls, oppressive regulatory measures, banking limitations, and cyber crime.

The Organization of American States (OAS)/Symantec’s June 2014 Latin American and Caribbean Cyber Security Trends report noted that “the high costs of global cybercrime in 2013 [were] enough to buy an iPad for the entire populations of Mexico, Colombia, Chile and Peru”, and that “[in] Brazil alone, cybercrime costs reached $8 billion, followed by $3 billion for Mexico, and $464 million for Colombia.”


Colombia is an interesting case in point. As TMF notes, “the country is conducive to business. Technology infrastructure is supported by five underwater cables and a national fiber-optic ring that connects 300 municipalities in the country”, but “exploring the many opportunities at hand [is] a tricky endeavor”.

Colombia is a huge target for cyber attacks. As CERT explains, “Colombia’s internet usage grew rapidly in the first decade of the century. Internet penetration, which started at just 3% in 2000, reached 45% of the population by 2009 and doubled between 2008 and 2010. Something clearly had to be done to confront the information security problems this rapid growth brought with it. This was especially true because the Colombian government was embarking on an important online government initiative (Gobierno en Linea) that would be severely compromised without a secure base from which to start.”

The Colombian Government chose the international standard ISO 27001 as its information security framework.

Increased interest in the ISO 27001 standard in Colombia is demonstrated by Google Trends:

An international best-practice approach to information security

ISO 27001 sets out the specifications of an information security management system (ISMS), a holistic approach to information security that encompasses people, processes, and technology. An ISMS allows an organization to take a risk-based approach to information security and manage the confidentiality, integrity, and accessibility of its information assets while supporting adherence to legislative and regulatory obligations.

Accredited certification to the Standard demonstrates to partners and stakeholders that international best practice is being followed. Many organizations certified to ISO 27001 require others in the supply chain to conform to the Standard. Certification to the Standard is increasing accordingly: in South America, the number of certifications to the Standard increased 34% from 2012 to 2013 according to the latest ISO statistics. Columbia and Brazil jointly boast the largest number of ISO 27001 certifications in South America, which rose 55% in Brazil and 58% in Colombia from 2012 to 2013.

ISO 27001 implementation solutions

IT Governance’s fixed-price ISO 27001 Packaged Solutions provide ISO 27001 implementation resources and consultancy to help all organizations implement the Standard at a pace and for a budget suitable to their needs.

The importance of instigating and maintaining information security best practices has never been clearer. If foreign investors are to continue to invest in the South American market, then businesses need to reassure them about their information security posture.

Click here to see how IT Governance can help you implement ISO 27001 >>