The recent Cybersecurity Framework Law (Law 21,663) in Chile establishes a significant regulatory milestone, creating a general framework for digital protection that transcends traditionally regulated sectors and reaches a greater number of private institutions. This new regulation seeks to address the growing cyber threat landscape, both in the region and at the local level.

Digital Threat Context

The law arrives in a high-risk landscape, evidenced by alarming figures in the region:

  • 62% of companies in Latin America have suffered data leaks in the last year.
  • Chile registers more than 50,000 cyber attacks per month.
  • 10.5 million phishing attacks were reported in Latin America between 2022 and 2023.

Faced with this increase in cybercrime, governments are intensifying regulations to safeguard cybersecurity.

The New Strategic Role of Human Resources

One of the most notable aspects of Law 21,663 is the transformation of the role of the Human Resources (HR) area. In an environment where employee information is highly sensitive, HR is no longer just a talent manager; it becomes a key player in data protection, the prevention of regulatory sanctions and the safeguarding of organizational reputation.

Law 21,663 requires companies to implement a formal information security plan, which includes:

  • Strict control of access to and processing of employee and third-party data.
  • Detailed documentation of security processes and protocols.
  • Carrying out drills, internal reports and constant monitoring of incidents.
  • Rigorous evaluation and control of suppliers linked to HR.

Failure to comply with these provisions can lead to fines exceeding USD 1.4 million, in addition to seriously affecting the operational continuity and corporate reputation of companies.

Principles of Integrated Cybersecurity

The new Chilean regulation is aligned with global security principles, emphasizing the need to build cybersecurity in from the design stage and to manage it proactively:

  • Privacy by Design: Incorporate privacy considerations from the initial stages of systems and process development.
  • Data minimization and access control: Collect only the necessary information and apply strict access controls.
  • Proactive incident management: Preparation and efficient response to any security incident.

Conclusions

The implementation of the Cybersecurity Framework Law in Chile represents more than a regulatory requirement; it is a strategic opportunity. By integrating cybersecurity into people strategy and across the organization, companies can strengthen their security culture, operate with greater confidence and robustness, and build competitive advantage in an increasingly complex digital environment. This law raises the bar for compliance and reinforces corporate digital responsibility in the country.

Confidence

What would we do in these cases?

Regulatory compliance services: compliance audits, ISO 27001 certification, PCI DSS, training, digital governance and regulatory compliance. Ensure the trust of your clients and maintain an impeccable reputation.

Protect yourself from cyber threats with our regulatory cybersecurity solution. Our comprehensive services will help you comply with all regulations and standards, from the development of instructions and procedures, to technical training and comprehensive audits.

Clear Documentation and Improved Security

We generate detailed and understandable processes for your organization, eliminating dependence on specific personnel and guaranteeing efficiency. Additionally, with our Comprehensive Security Training, you will learn how to protect your infrastructure and raise awareness among your team about the importance of cybersecurity. Optimize your business and strengthen your digital defenses today!

Expert Audits for a Secure Infrastructure

We offer different audit services, such as exhaustive analysis of all risks and vulnerabilities in your architecture or infrastructure, and prioritization of solutions without affecting your business. Additionally, we identify any configuration changes made, whether authorized or unauthorized. With our Architectural Recognition service, we review every endpoint, service, API and communications element to generate accurate diagrams that will give you a clear view of your critical architecture. And if you need more, we also create topological diagrams of your entire network. Don’t put your business at risk, trust us!

Comply with ISO Standards and Strengthen your Security

We accompany you throughout the entire ISO 27001 certification process, from the initial analysis to post-certification maintenance, ensuring continuous compliance. Comply with international standards and strengthen the security of your organization.

PCI DSS Compliance

If your business processes, stores, or transmits payment card data, we help you comply with PCI DSS standards and maintain certification.

Training and Coaching

We train your team in security and compliance through specialized training programs and practical drills.

Digital Governance

We establish governance frameworks for information security, aligned with your business objectives and compliance requirements.

Availability Test: DP World Case

This case is the ultimate proof that Comfidentia understands Availability (the ‘A’ of the CIA triad). Faced with an extreme crisis, we managed to restore the critical operation in less than 24 hours.

References

  • Law 21,663, Cybersecurity Framework Law
  • Conversation “Cybersecurity as a pillar for Human Resources”, organized by ADP Research Institute