Cybersecurity is increasingly shaping economic performance, not just IT outcomes, as cyber incidents grow in frequency and severity—particularly in low- and middle-income countries where digital adoption is rising faster than defenses. Citing 21 significant cyber incidents reported in 2025 by the Center for Strategic & International Studies, the article highlights how attacks—from public-sector data leaks to major crypto thefts—are now directly undermining development and public trust.
A key theme is that private cybersecurity markets often underperform, creating a case for stronger public intervention. At a World Bank knowledge session, World Bank Chief Economist for Infrastructure Stéphane Straub outlined four market failures driving underinvestment in cybersecurity:
- Information asymmetry: many firms lack reliable data on breach probability and potential damages, leading to poor investment decisions and a need for better information-sharing mechanisms.
- Externalities: security improvements create positive spillovers for interconnected organisations, but individual firms don’t capture the full benefit—resulting in underinvestment, which can be addressed through measures like mandatory certification.
- Tail risk: rare but catastrophic attacks are difficult to insure privately, requiring state involvement to protect critical infrastructure and sustain insurance markets.
- Supply-side inefficiency: in many emerging economies, limited competition in cybersecurity services raises costs and lowers quality, calling for policies that support market entry and healthier competition.
The session also drew on findings from the World Bank report Cybersecurity Economics for Emerging Markets by economist Estefanía Vergara. The report states that globally disclosed cyber incidents grew at an average annual rate of 21% over the last decade, with Latin America and the Caribbean identified as the fastest-growing region for disclosed incidents, at 25% average annual growth since 2014. In emerging markets, while financial gain remains a major driver, politically motivated incidents such as protest and espionage represent a larger share than in high-income countries, and public administration is the most frequently affected sector.
On economic impact, the report estimates that a developing country that reduces cyber incidents from the top quartile to the bottom quartile could see a 1.5% increase in GDP per capita. Ongoing research also suggests economic losses from cyberattacks in low- and middle-income countries will rise as digital integration deepens.
The article highlights an investment gap: per capita cybersecurity spending is around US$1 in countries such as India and Mexico, compared with US$30 in the United States and Canada. Stakeholders cited constraints including limited resources, slow policy response to rapid digitalisation, and systemic risk from interconnected infrastructure.
Proposed solutions include leveraging existing governance structures to coordinate cybersecurity across critical sectors, pooling infrastructure and human resources, standardising data protection and cybercrime regulations, and investing in capacity building—often supported by World Bank financing and technical assistance.
The core conclusion is that cybersecurity should be treated as an economic enabler, not a technical afterthought—because resilience, trust, and secure digital infrastructure directly influence productivity, investment, and growth.
