Caribbean Sets Cybersecurity Strategy as Skills Crisis Deepens

The CARICOM Implementation Agency for Crime and Security launched the updated Cyber Security and Cybercrime Action Plan (CCSCAP) 2025 on 31 October 2025, establishing a unified regional defence strategy centered on cyber resilience rather than reactive measures alone.

The updated framework introduces a sixth pillar focused on Incident Response, directly addressing gaps in coordination and training that have left Caribbean governments and organizations vulnerable to ransomware, identity fraud, and supply chain attacks. This signals a critical shift: cybersecurity is now a workforce development priority.

The Talent Gap is Acute and Growing

According to the World Economic Forum’s 2026 Global Cybersecurity Outlook, Latin America and the Caribbean face the most severe talent shortages in the region, with 65% of organizations reporting insufficient cybersecurity skills. The most acute gaps exist in roles that are hardest to fill quickly:

• Threat intelligence analysts
• DevSecOps engineers
• Identity and access management specialists

Confidence in regional cyber resilience is stark: only 13% of respondents in Latin America and the Caribbean believe their countries can effectively protect critical infrastructure, compared to 84% in the Middle East and North Africa.

AI-Powered Threats Require New Training Priorities

Cybersecurity threats have evolved. CEOs now rank cyber-enabled fraud as their top concern, overtaking ransomware. Threat actors are using artificial intelligence to automate deepfake phishing campaigns and deploy adaptive malware that bypasses traditional defences.

The Inter-American Development Bank and Organization of American States confirmed in their 2025 Cybersecurity Report that AI’s growing impact on the threat landscape demands updated governance, standards, and workforce capacity-building. This means cybersecurity training can no longer exist separately from AI literacy and responsible AI principles.

What This Means for Training Providers and Employers

Organizations across the Caribbean, Latin America, and Africa face immediate pressure to build cybersecurity capacity. The evidence is clear: 85% of organizations with insufficient resilience also lack critical cybersecurity skills.

Training providers should prioritize certification and upskilling pathways in:

• Incident response and crisis management
• AI-aware threat detection and analysis
• DevSecOps and secure software development
• ISO 27001:2025 compliance (updated for cloud and AI controls)
• Cybersecurity awareness for non-technical staff

The World Bank has supported 64 countries in cyber resilience since 2014, and is now funding cybersecurity awareness campaigns across Dominica, Grenada, St. Lucia, and St. Vincent and the Grenadines. This demonstrates that donor-backed support for regional capacity-building is active and available.

Standards Are Evolving

ISO released significant updates in 2025. ISO 27701 is now a standalone standard for Privacy Information Management Systems, and ISO 27001:2025 raises requirements for cloud security controls and AI-driven threat detection. Organizations pursuing certification must update training and compliance processes immediately.

For employers and training institutions, the message is clear: the Caribbean has a roadmap, but the region lacks the people to execute it. Workforce development in cybersecurity is no longer optional, it is a national and organizational imperative.