Colombian market: make your company shine in cybersecurity

The digital environment has opened the door to countless opportunities — from learning a recipe to applying for your dream job. However, this hyperconnectivity also exposes us to growing risks, such as fraud and digital scams. In this context, it is becoming increasingly urgent for more companies to enter the Colombian market and offer technological solutions that protect both users and organisations.

At Sherlock Communications, we are sharing key insights to help you strengthen your cybersecurity strategy and stand out in Colombia’s tech sector — safely and strategically.

Colombia’s urgency for security

Colombia is experiencing a sharp rise in cyberattack attempts. In 2024 alone, nearly 20 billion intrusion attempts were recorded, according to Cambio magazine. As a result, Colombian consumers are becoming more demanding regarding data protection, expecting clear, proactive responses from brands. We have identified that this environment presents major challenges for companies, institutions, and users alike.

Contrary to the belief that only government and corporate sectors are targets, other industries have also been heavily impacted. The education sector has seen a 75% increase in attacks — over 3,500 weekly incidents — while the health sector has faced a 47% rise. In 2023, the financial sector was hit hardest (35%), followed by business groups, legal firms, and government entities. SMEs, meanwhile, remain among the most vulnerable due to limited cybersecurity infrastructure.

What are the common threats in the Colombian market?

According to data from Infobae, based on a Fortinet report, Colombia was the target of more than 36 billion cyberattacks between January and November 2024. Two of the most significant threats are:

• Phishing: Phishing involves impersonating legitimate institutions (banks, payment platforms, well-known companies) to deceive users and obtain confidential information, such as passwords or account numbers. According to the global firm Kaspersky, 2.4 million phishing attempts were detected in Colombia in the last 12 months, representing a 12.5% increase compared to the previous year.
  
• Ransomware: This type of malware blocks access to systems or encrypts an organisation’s files, demanding payment to restore them. It is one of the most costly and difficult threats to confront. According to ASOBANCARIA, between January and May 2024, 5,528 complaints of abusive access to computer systems were reported, an increase of 24.48% compared to the same period in 2023 (4,441 cases).
  

What regulatory framework governs cybersecurity in Colombia?

Beyond legal compliance, adherence to data protection standards has become a strategic factor for corporate reputation, differentiation, and customer loyalty in the Colombian market. In a country where over 50% of people share personal information only if they fully trust its handling, having clear cybersecurity policies is essential to building credibility.
Colombia’s regulatory framework includes:

• The Habeas Data Law, which governs the handling of financial data
  
• Law 1581 of 2012, which outlines general principles for the legal, secure, and transparent processing of personal data
  
• Oversight by the Superintendence of Industry and Commerce (SIC), including the National Database Registry (RNBD) and rules for international data transfer.
  

The country has also made key strides in integrating digital security into its broader tech transformation agenda. One milestone is CONPES 4144, approved on 14 February 2025, which defines Colombia’s National Artificial Intelligence Policy. This policy, aligned with the 2022–2026 National Development Plan and the 2023–2026 National Digital Strategy, aims to promote the development, adoption, and ethical use of AI in Colombia. 

Its objectives include strengthening digital infrastructure and governance, promoting AI research and innovation, and establishing ethical principles to identify, prevent, and mitigate risks such as digital security threats, algorithmic bias, and privacy breaches. These regulations and initiatives create an increasingly rigorous yet favourable environment for organisations to build trust, transparency, and digital resilience in the Colombian market.

How is Colombia betting on cybersecurity? 

Both the public and private sectors in Colombia have increased cybersecurity investments. The MinTIC allocated over COP 15.5 billion to create a National Security Operations Centre, strengthening the country’s response to digital incidents.

Meanwhile, the private sector has also stepped up: one mobile operator announced a COP 15 billion investment to improve digital security for companies in Colombia. Regionally, an EY study revealed that 50% of companies in Latin America have invested between USD 10–49 million in cybersecurity solutions, cementing this field as a strategic priority.

Understanding the media and its potential influence on the Colombian market

Colombia is home to hundreds of media outlets, many owned by major economic conglomerates such as RCN, Caracol, Grupo Prisa (via Caracol Radio), Grupo Ardila Lülle, Grupo Semana, El Tiempo Casa Editorial, and RTVC (Public Media System). These media groups have long dominated national news and continue to play a central role in shaping the national agenda.

However, in recent years, outlets like Forbes, Bloomberg Línea, and ENTER.CO have emerged as influential sources for decision-makers, business leaders, and innovation-focused audiences.

A new wave of independent media, led by journalists, tech experts, and cybersecurity advocates, has also taken root. These platforms not only diversify the ecosystem but also offer deeper coverage of critical topics like data protection, digital threats, and the internet’s role in everyday life.

Understanding this ecosystem is crucial to effectively communicating about cybersecurity, building credibility in the Colombian market, and reaching the right audiences at the right time.

How to position yourself in the Colombian market

To gain traction in Colombia, it’s not just about understanding the landscape — it’s about the services you offer. This is where you come in, supporting the team’s efforts. Here’s what you need to know:

• Localise your messaging and key information: Are you familiar with Colombian regulations? Are you aware of the challenges companies and users face in the country? If so, the next step is adapting your messages to connect with that reality and demonstrate how you can provide tangible support.
  For example, imagine launching a new software solution just after a massive cyberattack affects over 400 Colombians. That timing gives you a unique opportunity to be relevant, empathetic, and helpful. Addressing current events in the language your audience speaks shows that you’re not just another vendor — you’re a partner who understands what’s at stake.
• Differentiate from local and global competitors: “Being different is better than being better.” This quote from branding expert Sally Hogshead sums it up perfectly. In a saturated market, differentiation isn’t just about a flashy logo or creative campaign, though those help — it’s about delivering real, relevant value.
  Imagine a cybersecurity firm in Colombia. While many competitors focus on traditional solutions like antivirus or antimalware, this firm chooses to specialise in Intrusion Detection and Prevention Systems (IDS/IPS). This specialisation not only provides better protection against advanced threats but also positions the company as an expert, trustworthy brand with strategic vision. The key, of course, is communicating that clearly and effectively.
• Build trust through success stories: Your company offers solid services — and the results speak for themselves. So why not showcase them?
  Picture this: you helped a major financial institution detect and contain malware designed to steal data and disrupt operations. Thanks to your team’s swift action, the threat was neutralised before escalating. Stories like this are powerful credibility drivers. Well-structured case studies — with clear data, context, solutions, and outcomes — are essential tools for building trust. They don’t just prove your expertise; they position you as a reliable, strategic partner. Trust isn’t demanded — it’s earned. And sharing your wins is part of the process.

How to build credibility as a trusted cybersecurity partner through Public Relations

Everything we have shared — the current cyberattack landscape, the most common threats, regulations, and national investments — might feel overwhelming. But believe us: every data point matters. 

Why? To truly be part of Colombia’s digital ecosystem, it’s not enough to have technical solutions or comply with regulations. You also need a trustworthy, visible brand with a clear message. And that’s where you and your company can shine.

Here are some key recommendations — beyond the technical or legal — that combine strategic communication, education, and public relations:

• Define a relatable narrative: Use a clear umbrella message that summarises your value proposition and speaks to both business leaders and everyday users.
  
• Educate to build authority: Share studies, e-books, or expert insights that demonstrate your expertise and position you as a leading voice in the field.
  
• Act with timeliness: Take advantage of major cybersecurity events — such as global breaches — to share insights, showcase leadership, and project an expert, proactive presence.

After exploring the regulatory landscape and differentiation strategies, it is clear that standing out in Colombia’s cybersecurity market is about more than just offering technical services. It is about clearly communicating what makes your company unique, demonstrating tangible results, and building trust with every interaction.

In Colombia, both clients and investors are looking for more than just providers — they want strategic partners who understand the local context, respond effectively, and think long-term. At Sherlock Communications, we work to help your company do exactly that. We design solid, localised, and effective strategies to help you stand out and build a strong, trustworthy reputation in Colombia’s digital ecosystem.