Anais
Resumo do trabalho
Tecnologia da Informação · Adoção de TICs e Impactos Organizacionais
Título
Multicriteria Analysis of Cybersecurity Maturity in the Largest Economies in Latin America using CRITIC-WISP
Palavras-chave
Cybersecurity
Multicriteria Analysis
Latin America
Autores
-
Erik MiyashitaUSP - Universidade de São Paulo
-
Luis Hernan Contreras PinochetFaculdade de Economia, Administração, Contabilidade e Atuária da Universidade de São Paulo
Resumo
Introdução
In the digital age, cybersecurity is a pillar of economic stability and national security. Latin America, in the midst of a digital acceleration, is facing an escalation of cyberattacks, with damages that can exceed 1% of the GDP of some countries. Indices such as the Global Cybersecurity Index (GCI) are valuable, but they focus on declared capabilities, without reflecting the socioeconomic reality. This study proposes an innovative model to fill this gap, evaluating the ten largest economies in the region in an integrated manner.
Problema de Pesquisa e Objetivo
Problem: How do institutional pillars and socioeconomic factors influence the cybersecurity maturity of the largest Latin American economies when assessed by objective multicriteria methods?
Objective: To assess and classify the cybersecurity maturity of the ten largest economies in Latin America, applying a Multi-Criteria Analysis for Decision Making (MCDM) model that integrates the pillars of the ITU GCI with socioeconomic indicators from the World Bank, to provide a more realistic diagnosis.
Objective: To assess and classify the cybersecurity maturity of the ten largest economies in Latin America, applying a Multi-Criteria Analysis for Decision Making (MCDM) model that integrates the pillars of the ITU GCI with socioeconomic indicators from the World Bank, to provide a more realistic diagnosis.
Fundamentação Teórica
The assessment of cybersecurity maturity is based on global frameworks, such as the Global Cybersecurity Index (GCI), which defines five essential pillars (Legal, Technical, Organizational, Capability Development, and Cooperation). This study adopts these pillars and enriches them with contextual factors: Digital Adoption (attack surface) and Gross Domestic Product (resources and attractiveness to attacks), arguing that an assessment based solely on declared capabilities is incomplete.
Metodologia
This quantitative study uses multicriteria analysis to evaluate the ten largest economies in Latin America. Data for the five GCI criteria were extracted from the ITU report, and GDP and Internet usage data were obtained from the World Bank. The methodology was applied in two phases: first, the CRITIC method determined the objective weights of the criteria based on their variability and correlation; then, the WISP method was used to aggregate the results and generate the final ranking of the countries.
Análise dos Resultados
The analysis revealed that GDP (C7) was the criterion with the greatest weight (18.22%), followed by Organizational Measures (C3) and Internet Usage Percentage (C6). This validates the hypothesis that the socioeconomic context and governance are crucial. The final ranking, generated by the WISP method, positioned Brazil and Mexico as consistent leaders. Ecuador stood out in 3rd place, showing that institutional maturity can overcome isolated economic power.
Conclusão
The study showed that cybersecurity maturity in Latin America does not depend solely on declared capabilities, but is strongly linked to the economic context and digital attack surface of each nation. The ranking, led by Brazil and Mexico, revealed that economic power does not guarantee maturity, as illustrated by the excellent positioning of Ecuador (3rd) and the modest performance of Argentina (8th), highlighting the importance of robust governance structures and balanced investments.
Contribuição / Impacto
Theoretically, the study validates the use of MCDM methods for more comprehensive cybersecurity assessments, integrating contextual factors. In practice, it offers public managers in Latin America a diagnostic tool that highlights misalignments between economic/digital development and institutional capacity, as in the cases of Chile and Argentina. It reinforces cybersecurity as a strategic pillar for socioeconomic development, guiding actions to strengthen digital resilience in the region.
Referências Bibliográficas
Diakoulaki, D., Mavrotas, G., & Papayannakis, L. (1995). Determining objective weights in multiple criteria problems: The critic method.
Computers & Operations Research, 22(7), 763–770.
Global Cybersecurity Index. (2024). ITU.
https://www.itu.int/en/ITU-D/Cybersecurity/pages/global-cybersecurity-index.aspx
Stanujkic, D., Popovic, G., Karabasevic, D., Meidute-Kavaliauskiene, I., & Ulutaş, A. (2023). An Integrated Simple Weighted Sum Product Method—WISP.
IEEE Transactions on Engineering Management, 70(5), 1933–1944.
Computers & Operations Research, 22(7), 763–770.
Global Cybersecurity Index. (2024). ITU.
https://www.itu.int/en/ITU-D/Cybersecurity/pages/global-cybersecurity-index.aspx
Stanujkic, D., Popovic, G., Karabasevic, D., Meidute-Kavaliauskiene, I., & Ulutaş, A. (2023). An Integrated Simple Weighted Sum Product Method—WISP.
IEEE Transactions on Engineering Management, 70(5), 1933–1944.