May 9, 2025
Early in 2024 I met Ms. Vergara-Cobos at a conference where we shared some information about our recent respective work activities. She disclosed to me about her work leading a research study at the World Bank that focused on how cybersecurity impacts the growth of developing countries. This struck me as a seminal work and I asked her for a chance to discuss it on Active Cyber™ when her work was complete. So I was very pleased a year later when I saw her again at the same conference and she was presenting the results of her work, and she agreed to do an interview. So read the interview below, as Ms. Vergara-Cobos reflects about the cyber challenges emerging nations face and how cybersecurity is impacting the economics and political landscape of developing countries.
Spotlight on Ms. Estefania Vergara-Cobos
» Title: Economist, World Bank
» Website: https://www.worldbank.org/ext/en/home
» Linkedin: https://www.linkedin.com/in/estefania-vergara-cobos-ph-d-421551a7
» Research paper – “Cybersecurity Economics for Emerging Markets”: See Sidebar for link
Check out her bio below.
Chris Daly, Active Cyber™: Welcome to the Active Cyber Zone, Estefania. What inspired your research on cybersecurity economics for emerging markets, and how long did it take to complete?
Ms. Estefania Vergara-Cobos, World Bank: Thank you Chris and readers. The research started three years ago. It was born from the recognition that there was no systematic or scientific evidence showing the economic rationale for investing in cybersecurity, especially in developing countries. Most existing assessments were anecdotal or speculative, so we aimed to fill that gap.
Active Cyber™: What were the biggest challenges you encountered in this research?
Ms. Vergara-Cobos: Data was the biggest challenge. Systematic global data on cyber incidents simply didn’t exist. Most proprietary datasets focus on developed countries. So we built our own database using machine learning on over 5 million online articles in 98 languages, identifying thousands of incidents in about 170 countries over the last decade.
Active Cyber™: How far back does your cyber incident database go?
Ms. Vergara-Cobos: Our own database goes back to 2016. We later merged it with the University of Maryland’s database, which dates to 2014 and focuses on developed countries. We took great care to avoid duplicates and ensure incidents were nationally relevant.
Active Cyber™: Is this database available to others?
Ms. Vergara-Cobos: We are preparing to make it publicly available soon.
Active Cyber™: What are the key findings of your research?
Ms. Vergara-Cobos: As economies become more digital, cyber threats increasingly endanger national development—yet their economic impact remains understudied. Our research provides novel empirical evidence linking cybersecurity exposure and national commitments to economic performance. Using our dataset on publicly disclosed cyber incidents over the past decade, and a range of econometric models, we find that frequent cyber incidents significantly reduce economic growth in developing countries. Specifically, the current annual increased exposure of nations to cyber incidents is associated with annual GNI per capita losses of 0.2% to 0.6%. This economic burden could already be exceeding the average annual cost of most natural disasters over the past five decades. At the industry level, we find strong arguments to validate the economic rationale of cybersecurity investments. Mainly, we found that more digitalized sectors—such as retail and manufacturing—perform better in countries with stronger cybersecurity commitments. These findings show that cybersecurity is not just a technical issue; it’s a critical foundation for economic resilience and development.
Active Cyber™: Do your recommendations include actionable steps for policymakers?
Ms. Vergara-Cobos: Yes. First, solutions need to be tailored to each country’s cyber threat landscape. For example, according to the data on publicly disclosed cyber incidents, public administration is the most targeted sector in developing countries, while healthcare leads in developed ones. Motives also differ—political in developing countries, financial in developed ones. Awareness campaigns, education, and targeted investments are essential.
Active Cyber™: How did you define and classify cyber incidents in your database?
Ms. Vergara-Cobos: We used a strict definition, clearly outlined in the book. We trained AI models to recognize incidents based on this definition, excluding irrelevant events like celebrity hacks or isolated misinformation.
Active Cyber™: How did you structure the econometric model, and what variables did you use?
Ms. Vergara-Cobos: We tested several econometric models: at the macro-level, we used cross-country growth models, including some to handle potentially technical issues like reverse-causality or omitted variable bias, and at the industry-level we use cross-industry, cross-country models, also testing for robustness of the findings with other model specifications. Both included standard economic growth determinants—government expenditure, trade openness, digitalization metrics, among others—to isolate the impact of cyber incidents and cybersecurity maturity.
Active Cyber™: What did your research show about the drivers of cyber incidents globally?
Ms. Vergara-Cobos: Political instability is a strong driver—countries with high geopolitical risk face more incidents. Another is economic—particularly high unemployment rates in educated populations. We also observed that countries with low cybersecurity maturity, as measured by the ITU’s GCI, saw incidents triple over the past decade, compared to 2.1x in high-maturity countries.
Active Cyber™: So how can countries break this cycle of vulnerability?
Ms. Vergara-Cobos: Through targeted cybersecurity investment informed by risk assessments. These assessments must account for each country’s unique drivers and vulnerabilities. This is an area where more empirical work is still needed, and we hope our research contributes to that foundation, and look forward to upcoming work from academics and other fellow researchers.
Active Cyber™: What gaps did you identify in cybersecurity practices across emerging markets?
Ms. Vergara-Cobos: First, there’s a skills gap—global cybersecurity workforce shortages hit low-income countries hardest. Second, there’s a research gap—most cybersecurity studies focus on developed countries. Third, there’s a market gap—many developing countries lack robust cyber tech sectors and sufficient demand to drive growth in this area.
Active Cyber™: Are governments in emerging markets taking an active role in strengthening cybersecurity?
Ms. Vergara-Cobos: Yes, cybersecurity is being taken more seriously, especially after the COVID-19 acceleration of digital services. But the investment isn’t always keeping pace with digital adoption. Policymakers everywhere face trade-offs, as they also need to invest in more classical forms of infrastructure like transport and energy, but also social needs like education and health. Encouragingly, the cybersecurity commitments of low-income countries have been improving, though progress is uneven. Although, worldwide, differences remain. Even within the same region, the roles of government differ. But the broader takeaway is that cybersecurity is a shared responsibility among all society actors—governments, private sector, citizens, and international partners all have a role to play.
Active Cyber™: What is your view on AI’s role in improving cyber defenses in emerging markets?
Ms. Vergara-Cobos: It’s a double-edged sword. AI can enhance basic cyber defense, especially where talent is scarce, but it also increases complexity and can be weaponized by malicious actors. We still need highly skilled professionals to handle advanced threats. The net impact of AI is unclear, but we must keep training top-tier cybersecurity professionals.
Active Cyber™: Where can people learn more about your work?
Ms. Vergara-Cobos: The book is titled Cybersecurity Economics for Emerging Markets and is available online for free at the World Bank’s Open Knowledge Repository (Download Here). We’re also preparing academic papers on this research, which I’d be happy to share once they’re out.
Thanks Estefania for sharing your insight from this seminal study about cybersecurity and emerging markets. I would expect that this study may help guide future investment by World Bank and developing nations to ensure robust cybersecurity capabilities as they deal with many stakeholder and constituent priorities. And thanks to my subscribers and visitors to my site for checking out ActiveCyber.net! Please give us your feedback because we’d love to know some topics you’d like to hear about in the area of active cyber defenses, authenticity, PQ cryptography, risk assessment and modeling, autonomous security, digital forensics, securing OT / IIoT and IoT systems, Augmented Reality, AI, or other emerging technology topics. Also, email chrisdaly@activecyber.net if you’re interested in interviewing or advertising with us at Active Cyber™.
About Ms. Estefania Vergara-Cobos
Estefania Vergara Cobos is an economist in the Chief Economist’s Office for the Infrastructure Vice Presidency at the World Bank, where she leads research on the economic and developmental impacts of digitalization, including the realm of cybersecurity, in developing countries. She holds a Ph.D. in Economics and a Master’s in Game Theory from Stony Brook University, with additional training in computer science. Her work has been published in top academic journals and is also the author of the book Cybersecurity Economics for Emerging Markets. |