Sign in Subscribe
6 min read

Jamaica's Digital Reckoning: AI-Driven Cyber Threats and the Race to Build a Resilient Nation

Share
Jamaica's Digital Reckoning: AI-Driven Cyber Threats and the Race to Build a Resilient Nation

A senior cybersecurity official's warning at the Jamaica Diaspora Conference captures a country at a turning point — recording historic gains in physical crime while scrambling to fortify itself against an accelerating digital threat landscape it cannot afford to ignore.

The Warning from Montego Bay

When Dr. Patrick Linton, chief cybersecurity expert at Jamaica's Major Organised Crime and Anti-Corruption Agency (MOCA), addressed the 11th Biennial Jamaica Diaspora Conference at the Montego Bay Convention Centre, he came bearing both good news and a sobering forecast.

The good news: cyberattacks in Jamaica have been declining, a testament to expanded public education, tighter institutional coordination, and more robust response systems. The forecast: that decline is almost certainly temporary.

"We are going to be seeing a proliferation of cyber attacks that are now associated with AI," Linton warned the conference. "AI-perpetrated-type cyberattacks — so we require persons to understand what's happening."

For a country that has simultaneously celebrated a historic fall in violent crime — 674 murders in 2025, the first time the annual total has dipped below 700 in more than three decades, according to Deputy Prime Minister Dr. Horace Chang — the digital frontier now represents the next security frontier.

The story of physical crime in Jamaica is one of hard-won progress. The digital crime story is still being written — and the next chapter looks turbulent.

From 12 Million to 49 Million: The Escalation in Numbers

Dr. Linton's conference warning is not hypothetical. It is backed by alarming official data.

In 2025 alone, there were more than 49 million cyberattack attempts on Jamaica, up from 12 million in 2022. Critical government systems and institutions were targeted and breached. That is a roughly fourfold increase in three years — and the attacks are not slowing down. 

A data breach on a major government digital platform exposed the personal information of hundreds of thousands of Jamaicans. More recently, a reported cyber incident at the National Health Fund (NHF) — potentially exposing sensitive beneficiary and medication data — further underscored how exposed public institutions remain.

Opposition Spokesman Christopher Brown warned that Jamaica urgently requires a Cybersecurity Act to establish minimum security standards, accountability frameworks, and enforcement mechanisms across government entities, saying the NHF incident underscores precisely why that legislation can no longer be delayed.

The numbers, as one government minister put it bluntly: "These are not warnings — these are results."

What AI-Driven Cybercrime Actually Means

Dr. Linton's reference to "AI-perpetrated cyberattacks" is not a vague futuristic concern. It describes a concrete and already-emerging shift in how attacks are designed, launched, and scaled.

Artificial intelligence is now being used to automate phishing campaigns that are indistinguishable from legitimate communication, to generate convincing deepfake audio and video for social engineering attacks, to identify software vulnerabilities faster than human analysts can patch them, and to adapt malware in real time to evade detection systems.

Jamaica's Minister of Science, Technology and Special Projects Dr. Andrew Wheatley acknowledged that artificial intelligence is now being weaponised by attackers, that supply chain compromise has become the primary concern of large organisations globally, and that critical information infrastructure protection has moved from aspiration to operational necessity. 

For a small island economy with rapidly growing internet penetration and an expanding digital public sector, this means attacks that were once the preserve of nation-state actors are now available to criminal groups with modest resources and serious motivation.

Dr. Linton's recollection from two decades ago — visiting South Korea, which faced 16,000 cyber attacks per day, while Jamaicans back home thought such a scenario unimaginable — carries the uncomfortable implication that Jamaica is now on that curve itself, just at an earlier, more preventable stage.

Jamaica's Cybersecurity Policy Journey: A Decade of Building

Understanding what Jamaica is doing about this threat requires understanding what it has already built — a foundation that is more substantial than outside observers might expect, but that still has significant gaps.

The Cybercrimes Act (2015). Jamaica's first dedicated cybercrime legislation created the legal framework for prosecuting a range of digital offences. Jamaica's Cybercrimes Act covers the protection of people, data, systems, services, and infrastructure, and sets out the offences and penalties for committing a cybercrime. Since its passage, a joint select committee has reviewed it and recommended new offences be added, including provisions that would need to work in tandem with child protection laws, defamation law, and anti-terrorism legislation.

The National Cybersecurity Strategy (2015, revised 2021–2025). Jamaica has now completed two full national cybersecurity strategy cycles, built on five strategic pillars: protect, deter, build, partner, and govern. The Director of the Jamaica Cyber Incident Response Team (JaCIRT) reflected that over ten years of delivering cybersecurity on behalf of the Government of Jamaica, sovereign interests have fundamentally changed the way the country views, manages, and responds to threats.

The Data Protection Act (2020, fully operational 2023). Jamaica's Data Protection Act, fully operational since December 2023, marks a significant change in how personal information is collected, processed, and protected, giving individuals rights over their data — including the right to access it, correct it, and in some cases, request its erasure. 

MOCA's Cyber Forensics and Risk Management Unit. MOCA's Cyber Forensic Lab was established in 2012, and its remit has grown to include cyber defence, cybersecurity incident response, ransomware investigations, internal and external audits of government networks, vulnerability assessments and penetration testing, and cybersecurity awareness seminars delivered to academic, private, and public organisations. 

JaCIRT. Jamaica's Computer Incident Response Team provides the government's front-line alerting and response capability, monitoring active threats and publishing advisories on critical vulnerabilities.

What Is Coming Next: The Third Strategy and the Push for Legislative Teeth

The 2021–2025 strategy cycle has now expired, and Jamaica is preparing what its government is billing as a more ambitious and institutionally durable successor.

The government has announced the establishment of a National Cybersecurity Coordination and Assurance Council (NCCAC) to serve as the central coordination and delivery authority for Jamaica's national cybersecurity posture, with a 24-month mandate housed within the Office of the Prime Minister. Its specific mandate is to convert every cybersecurity asset Jamaica already possesses — every standard, every plan, every unit, every dollar of investment — into a coordinated, accountable, measurable national capability. 

Crucially, the government is also moving toward dedicated cybersecurity legislation — a step beyond the existing Cybercrimes Act. The planned Cybersecurity Act will mandate minimum cybersecurity standards across regulated sectors with the authority to enforce compliance, create clear obligations for incident reporting, require responsible disclosure of vulnerabilities, and regulate cybersecurity service providers operating in Jamaica. 

A cybersecurity policy and legislative gap assessment is to be completed within the first four months of the new national governance framework, with drafting instructions finalised by month six and Cabinet submissions on the full legislative package targeted for months nine through twelve. Jamaica Observer

Financing is also in place. The IDB-financed project seeks to address existing gaps by implementing a national critical infrastructure protection strategy, strengthening the government's cybersecurity response, promoting cybersecurity awareness, providing training for public sector and critical infrastructure professionals, and supporting the development of cybersecurity curricula for primary and secondary schools. The total investment of $10 million from the IDB and USAID is approved and will be deployed through 2029. 

The Gap Between Ambition and Urgency

Despite these positive developments, a tension is visible in Jamaica's cybersecurity posture — between the pace of institutional reform and the pace of the threat.

Opposition figures have argued that while the Government has suggested a timeline extending to 2027 for cybersecurity legislation, recent events make clear that this pace is wholly insufficient, saying the risks are immediate and that every day without a legislative framework is a day Jamaica's citizens, institutions, and digital future remain unnecessarily exposed. 

There is also the structural matter of cyber maturity. A 2012 assessment of Jamaica's cyber maturity rated the country at just 40 per cent of the maximum score, contrasting with the regional leader who was at 70 per cent. Closing that gap requires not just laws and strategy documents, but trained personnel, funded institutions, and a culture of security that extends from government ministries down to individual users. 

That is precisely why Dr. Linton's emphasis on public education at the Diaspora Conference matters. MOCA is embedding cybercrime awareness into schools, universities, churches, and community groups — because the weakest point in any security architecture is almost always the human being clicking on a phishing link or sharing credentials over an unsecured channel.

What Jamaica Must Do — and Do Now

The convergence of four factors makes the current moment unusually consequential for Jamaica's digital security: the exponential growth in attack volume, the weaponisation of AI by threat actors, the increasingly sensitive nature of government digital infrastructure, and a legislative framework that is still catching up to the threat it faces.

The path forward has three pillars. First, Jamaica needs its dedicated Cybersecurity Act passed as a matter of urgency — not on a 2027 timeline, but as fast as the drafting process allows. Minimum standards, mandatory incident reporting, and enforcement authority cannot wait for the next major breach.

Second, the NCCAC must function as more than a coordination body — it must have the authority and resources to compel compliance from ministries and agencies that have historically treated cybersecurity as an IT problem rather than a governance one.

Third, and perhaps most critically, the human dimension of cyber defence — the awareness campaigns, the school curricula, the diaspora engagement — must be treated with the same seriousness as the technical and legislative dimensions. AI-driven attacks are sophisticated. But they still, very often, require a human to make a mistake first.

Jamaica has demonstrated that it can reverse seemingly entrenched crime trends with sustained political will, institutional investment, and community engagement. The country's murder rate trajectory proves that. Applying the same determination to cybersecurity is not just a policy choice — it is a national security imperative.

The screens, as Dr. Linton said, are where crime is rising now. The question is whether Jamaica's institutions can move as fast as the threat.

Published by:

The CyberDiplomat

Member discussion