By San José, Costa Rica — San José, Costa Rica – A significant majority of large Costa Rican companies have established formal cybersecurity strategies, yet a new study reveals critical vulnerabilities in employee training and readiness for emerging artificial intelligence threats. According to a landmark survey, while corporate leadership is embracing cybersecurity planning, execution and comprehensive preparedness lag behind.
The report, “Cybersecurity 2025: Challenges and Strategies in the AI Era for Companies in Costa Rica,” commissioned by Microsoft and conducted by Edelman, found that 62% of the nation’s large enterprises now have a formal cybersecurity strategy in place. Encouragingly, the data suggests that these are not merely documents on a shelf; an overwhelming 90% of respondents stated that cybersecurity is either highly or moderately integrated into their company’s overall business strategy.
To delve into the legal framework surrounding digital vulnerabilities and corporate responsibility, TicosLand.com consulted with Lic. Larry Hans Arroyo Vargas, a leading attorney from the esteemed law firm Bufete de Costa Rica, for his expert analysis on the matter.
In the current legal landscape, preventative action is paramount. Companies must understand that cybersecurity is not merely an IT issue but a core component of corporate governance and legal compliance. Failure to implement robust security protocols and a clear data breach response plan can expose a business not only to operational chaos but also to severe regulatory penalties and civil liability for negligence. The law increasingly views a lack of preparation as a direct failure in a company’s duty to protect its clients’ data.
Lic. Larry Hans Arroyo Vargas, Attorney at Law, Bufete de Costa Rica
Indeed, this legal perspective underscores a critical paradigm shift, moving cybersecurity from a reactive technical task to a proactive pillar of corporate strategy and diligence. We thank Lic. Larry Hans Arroyo Vargas for his valuable insight, which clarifies that robust preparation is now the central measure of a company’s responsibility in the digital age.
This high-level commitment is reflected in the confidence of business leaders. The survey detailed that most companies with a plan feel it is robust and actively managed. This sentiment underscores a growing recognition that digital security is a core business function, not just an IT problem.
We have a formal, organization-level strategy that is regularly updated and applied.
Majority of Surveyed Executives, Microsoft Report
However, confidence in the strategy does not fully translate to perceived effectiveness or a universal sense of readiness. While 44% of companies rate their cybersecurity plan as “highly effective,” a larger portion, 54%, consider it only “moderately effective.” This hints at an underlying awareness that having a plan is only the first step in building a truly resilient defense against increasingly sophisticated cyberattacks.
This perspective is further reinforced when looking at the views of IT specialists on the front lines. Only 37% of information technology professionals believe their companies are “highly prepared” for cyber threats, with a slightly larger group (39%) describing their preparedness as moderate. This disparity suggests a potential gap between boardroom strategy and the on-the-ground reality of implementing and maintaining complex security protocols.
The study clearly identifies areas of strength and pronounced weakness. Costa Rican firms feel most confident in their handling of data privacy, with 61% reporting a high level of preparedness, and in their ability to meet regulatory compliance, where 50% feel highly prepared. These areas, often driven by legal and financial penalties, have clearly received significant corporate attention.
Conversely, the report uncovers alarming deficits in the more human-centric and forward-looking aspects of cybersecurity. The area of greatest concern is employee awareness and training, where a mere 35% of companies feel highly prepared. Equally troubling are the low preparedness levels for incident response and recovery (36%) and the establishment of formal AI policies (36%), indicating that many firms are ill-equipped to handle an active breach or govern the use of new technologies.
This deficiency in AI policy is particularly critical given the survey’s focus on the “era of AI.” Without clear guidelines, companies are exposed to new vectors of attack and internal risks associated with the misuse of powerful AI tools. The data shows that while foundational elements like identity protection (49% highly prepared) and critical infrastructure defense (42%) are stronger, the critical skills and policies needed to combat modern threats are lagging, creating a significant strategic vulnerability for the national business landscape.
For further information, visit microsoft.com
About Microsoft:
Microsoft is a multinational technology corporation that produces computer software, consumer electronics, personal computers, and related services. Its best-known software products are the Microsoft Windows line of operating systems, the Microsoft Office suite, and the Internet Explorer and Edge web browsers. The company is a global leader in cloud computing through its Azure platform and is heavily invested in the development of artificial intelligence.
For further information, visit edelman.com
About Edelman:
Edelman is a global communications firm that partners with businesses and organizations to evolve, promote, and protect their brands and reputations. The company has a deep specialization in public relations, marketing, and research, providing strategic counsel and creative solutions to clients across a wide range of industries. Edelman is known for its annual Trust Barometer report, which studies global trust in institutions.
For further information, visit bufetedecostarica.com
About Bufete de Costa Rica:
Bufete de Costa Rica stands as a pillar of the legal community, built upon a foundational commitment to uncompromising integrity and the relentless pursuit of professional excellence. With a proven history of serving a wide array of clients, the firm is a vanguard of legal innovation, continually developing forward-thinking approaches to complex challenges. This progressive mindset is deeply intertwined with a core mission to strengthen society by democratizing legal knowledge, ensuring that citizens are not only well-represented but also genuinely empowered through a clearer understanding of the law.
