Cybersecurity Threats Loom Large for Finance Sector in El Salvador as New Policy Takes Effect

In a move to bolster its defenses against increasingly sophisticated cyber threats, the government of El Salvador has introduced a comprehensive cybersecurity policy aimed at protecting critical infrastructure and safeguarding financial institutions from potential attacks.

Background

On May 13, 2022, Executive Order Number 163 was published, setting out guidelines for preventing and managing cybersecurity risk across the board. This new policy, dubbed the Cybersecurity Policy of El Salvador, lays out clear objectives to develop cybersecurity capacities and strengthen response mechanisms within public and private institutions alike.

Key Measures

• Creation of an entity to coordinate cybersecurity efforts
• Promotion of educational campaigns to raise awareness among citizens
• Adoption of good practices
• Establishment of specialized protection centers
• Encouragement of risk assessment as a method for reducing cyber incidents
• Promotion of international cooperation through technical assistance and collaboration with international organizations and friendly countries
• Training within the judicial sector to investigate and prosecute cybercrimes

Implementation

The policy is set to be implemented by all entities within the executive branch, with official institutions, autonomous bodies, and private companies that manage strategic assets of critical infrastructure strongly encouraged to take part. These entities are particularly vulnerable to cyber threats and have a relationship with public institutions.

Accessing the Policy Document

A copy of Executive Order Number 163 can be accessed through El Salvador’s Official Gazette, published on May 13, 2022. For further information or guidance, interested parties may contact the U.S. Commercial Service Office in San Salvador at office.sansalvador@trade.gov.