Cullen International’s latest research shows that most national cybersecurity strategies in the Americas do not create binding obligations for the private sector. Instead, they set policy goals which include improving public organisations' cybersecurity preparedness and strengthening the response to incidents.
When there are binding obligations for private entities, these may involve requiring them to implement a risk assessment and management policy. The USA requires vendors to the federal government to manage cybersecurity risks in their supply chain.
Countries such as Brazil and Mexico have legislative proposals on cybersecurity with varying scopes. Even in such countries that do not currently have binding obligations for private entities, the proposed new laws signal the authorities' concern with cybersecurity and may lead to future obligations.
To access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our Americas Digital Economy service.
more news
14 November 25
Most European NRAs regulate wholesale access to fibre
Our latest pan-European benchmark provides an overview of the market definition of M1/2020 and the remedies imposed on fibre unbundling and VULA over fibre, the wholesale prices for fibre unbundling at the optical distribution frame and for VULA over fibre.
07 November 25
How are EU member states transposing NIS2? - Continued
Cullen International’s latest Benchmark continues its analysis of NIS2 transposition across 18 EU countries, focusing on cybersecurity risk-management, incident reporting, and enforcement.
05 November 25
EU member states set out emissions reduction plans in long-term strategies
Our new benchmark compares EU countries' long-term strategies, outlining their 2030 and 2040 targets, overall and sectoral (transport and power) emissions reductions, energy consumption projections, renewable energy target, potential investments needed, R&D requirements and socio-economic aspects.