Cullen International’s latest research shows that most national cybersecurity strategies in the Americas do not create binding obligations for the private sector. Instead, they set policy goals which include improving public organisations' cybersecurity preparedness and strengthening the response to incidents.
When there are binding obligations for private entities, these may involve requiring them to implement a risk assessment and management policy. The USA requires vendors to the federal government to manage cybersecurity risks in their supply chain.
Countries such as Brazil and Mexico have legislative proposals on cybersecurity with varying scopes. Even in such countries that do not currently have binding obligations for private entities, the proposed new laws signal the authorities' concern with cybersecurity and may lead to future obligations.
To access the full benchmark, please click on “Access the full content” - or on “Request Access”, in case you are not subscribed to our Americas Digital Economy service.
more news
16 December 25
Most European submarine cable operators have reporting obligations in case of outages
Our new benchmark investigates regulatory obligations for submarine cable operators in Europe (authorisation regime, reporting obligations in case of outages), the identification of high-risk vendors and special government power on submarine cables.
15 December 25
Global trends in copyright and AI
Our latest Global Trends benchmark provides key insights on how 14 jurisdictions are addressing the growing intersection between copyright law and artificial intelligence (AI).
10 December 25
Recent initiatives to protect copyrighted works from unlicensed use in training AI models in the Americas
Our new benchmark compares new initiatives across the Americas that address the impact of artificial intelligence (AI) training on the creative sector, particularly regarding the use of copyright-protected works.