“The guide offers and essential and hands-on roadmap to help SME-s across Latin America and the Caribbean to strengthen their digital defences and cyber resilience. With cyber threats increasingly targeting small and medium businesses, this guide translates complex global cybersecurity frameworks into actionable steps: from digital hygiene and phishing prevention to incident response and Zero Trust principles.” – Mari Seeba.
“Grounded in real-world examples, regional context and step-by-step activities, the guide seeks to empower SME-s to take ownership of their cybersecurity, regardless of size or budget. By following the action plan and fostering a culture of awareness in this guide, SME-s can not only reduce their vulnerabilities but also build trust with clients, partners and investors.” – Milena Patiño-Villa.
The guidebook is based on the LAC4 training for 18 small- and medium enterprises from Belize, Costa Rica, Guatemala, El Salvador, Honduras and Panama to build and strengthen their skills in protecting their systems, safeguarding valuable information and mitigate cyber threats, conducted in Antigua, Guatemala in March 2025. “This guidebook builds directly on the training materials that proved most useful during the training in Guatemala. As we observed carefully which methods worked best in practice and where adjustments were needed, we translated those lessons into this practical manual. We are grateful to the participants, who in addition to helping us test and refine the content also contributed with their own insights and experiences. We encourage SME-s to share this knowledge further in their networks to strengthen the region’s collective cyber resilience.” – Mari Seeba, Milena Patiño-Villa.
The guide, available in English and Spanish, offers several key take-aways and perspectives, for example:
- Cybersecurity as a business imperative: cybersecurity is not a technical luxury, it is essential for business continuity, reputation and growth. SME-s in LAC4 are increasingly targeted due to limited resources and lack of awareness. Leadership must assign clear responsibility for cybersecurity, even without a formal CISO, and treat it as a shared business priority.
- Practical risk management and prevention: common threats like phishing, ransomware, insider risks and emerging threats such as AI-powered attacks require proactive and practical measures. SMEs can start with a basic risk assessment, apply the “10 golden rules” of cyber hygiene and foster a security-aware culture through simple, continuous training and simulations.
- Resilience through preparedness and partnerships: building cyber resilience means having a incident response plan, adopting Zero Trust principles and managing risks across the supply chain. SMEs should implement phased actions using globally recognized frameworks, perform regular assessments and demand baseline security practices from partners and vendors.
LAC4 and EU CyberNet express deepest gratitude to contributors and stakeholders whose expertise and insights have made this guide possible and impactful. LAC4 hopes that this work serves as a valuable resource for SME-s striving to protect their business and contribute positively to regional cybersecurity resilience.
