CARICOM Chair Signals Focus on Cybersecurity Amidst Climate and Financial Concerns

“Whether tackling the climate crisis, addressing gun violence, or championing equitable global financial reforms, we must act with one voice and one purpose.” With those words, Prime Minister Mia Mottley signalled the strategic direction for her year as chairperson of the Caribbean Community (CARICOM). However, while the region grapples with the relentless ravages of climate change, another economic monster is quietly raging, largely overlooked by heads of government: cybersecurity.

While the 48th CARICOM Heads of Government Summit was underway, a lesser-known yet significant event also took place. At the recently concluded Aliv Business Cybersecurity Summit on February 20 in The Bahamas, Michael Halkitis, the country’s minister of economic affairs, underscored that cybersecurity is essential for both economic stability and national security. He emphasised its critical role in the digital era, particularly in The Bahamas’ digital transformation, which aims to boost competitiveness and strengthen its regional standing.

Minister Halkitis highlighted that cybercrime costs the Caribbean $90 billion annually, posing a significant threat to economic stability in the region, according to World Bank reports. If I had been present, I would have cautioned the audience about that figure. The International Monetary Fund (IMF) estimates the Caribbean region’s GDP at current prices to be approximately $151.57 billion USD in 2025, encompassing both CARICOM and non-CARICOM nations. A $90 billion loss would imply cybercrime consumes over half the region’s collective GDP—an unrealistic claim. If true, the CARICOM agenda would likely be reduced to three items: cybercrime, cybercrime, and more cybercrime.

This figure likely includes Latin America, inflating the Caribbean-specific impact and pointing to one of the region’s broader challenges: the lack of accurate, actionable data. Even so, Halkitis’ overarching point remains valid. If cybercrime costs the Caribbean even 10 per cent of the reported $90 billion, that is still a staggering sum for a small economic region to ignore.

He stressed the need for collective action among businesses, governments, and institutions to bolster defences.

This brings me back to the just-concluded Heads of Government Conference and the question of where cybersecurity and cybercrime rank in the Caribbean’s priority order. If the region is to fully embrace digital transformation and conduct business more efficiently, cybersecurity needs its day in the sun—complete with its own actionable mandate—to ensure our digital economic development isn’t undermined. Currently, under CARICOM’s quasi-cabinet structure, Grenada holds lead responsibility for information technology, suggesting it should serve as the model territory for the region. Yet Grenada, too, has been grappling with this cyber threat.

As far back as 2017, the Inter-American Development Bank (IDB) identified critical measures to bolster cybersecurity in Latin America and the Caribbean, focusing on the financial sector. A key recommendation was adopting international security standards; notably, 68 per cent of banking entities in the region have implemented some form of cybersecurity framework, enabling structured approaches to managing and securing sensitive information while enhancing overall resilience.

Strengthening governance structures is another priority. The IDB reports that 72 per cent of banking entities provide boards of directors with regular updates on digital security risks, while 74 per cent have dedicated cybersecurity departments. This high-level oversight ensures cybersecurity remains a strategic focus. Additionally, while over 90 per cent of these entities have deployed basic security tools like firewalls and automated updates, only 51 per cent have adopted advanced technologies such as Big Data analytics or Artificial Intelligence for detecting threats. The IDB advocates integrating these tools to enhance threat detection and response capabilities.

Incident management and response are also emphasised, with at least 50 per cent of banking entities establishing strategies for managing and recovering from digital security incidents, while 88 per cent provide internal reporting mechanisms. Recognising the human element in cybersecurity, 82 per cent have implemented annual training and awareness programs to foster a culture of security and reduce vulnerabilities.

These measures offer a strong framework for enhancing cybersecurity practices in the region’s banking sector. However, they also hold significant relevance for regional governments.

Firstly, just as boards of directors are informed about digital risk, prime ministers must implement digital security governance structures within their respective countries. For example, Singapore’s Cyber Security Agency operates under the Prime Minister’s Office, ensuring centralised oversight and collaboration across sectors to protect critical infrastructure.

Secondly, the region remains under-resourced in cyber defense skills, necessitating greater capacity building and intelligence-gathering mechanisms. A key regional action item should be ensuring that all CARICOM members have a functioning Cyber Security Incident Response Teams (CSIRT) providing 24/7 support to citizens and government agencies. These CSIRTs could form a Caribbean Threat Intelligence Alliance, enabling real-time intelligence sharing, coordinated responses to regional incidents, and the development of standardised cybersecurity practices. This alliance would also foster partnerships with international cybersecurity organisations, aligning the region with global security standards.

Thirdly, cybersecurity awareness is not just important—it is essential for CARICOM’s economic and digital future. As I recently told a group of students, if a CARICOM state truly values an issue, there will be a dedicated reporting function or focal point for awareness and guidance. Without clear leadership and structured awareness programmes, the region remains vulnerable to escalating cyber threats. In an era where business, finance, and governance are increasingly digital, CARICOM must demonstrate its commitment by prioritising cybersecurity education, public awareness, and proactive policies. Establishing dedicated internal resources to drive regional cybersecurity initiatives is not optional—it is a necessity for resilience, investor confidence, and long-term digital security.

Steven Williams is the executive director of Sunisle Technology Solutions and the principal consultant at Data Privacy and Management Advisory Services.

He is a former IT advisor to the Government’s Law Review Commission, focusing on the draft Cybercrime bill. He holds an MBA from the University of Durham and is certified as a chief information security officer by the EC Council

and as a data protection officer by the Professional Evaluation and Certification Board (PECB).

Steven can be reached at Mobile: 246-233-0090; Email: steven@dataprivacy.bb