Jamaica’s push to bolster its national cybersecurity defenses is taking a two-pronged approach, with top technology official emphasizing that new laws alone cannot stop the rising tide of transnational cyber threats. Dr Andrew Wheatley, Jamaica’s minister responsible for science, technology and special projects, is calling on all Jamaicans to boost their digital literacy and personal vigilance, arguing that individual awareness remains one of the most powerful safeguards against cross-border cyberattacks that often fall outside local law enforcement jurisdiction.
Speaking at a post-Cabinet press briefing held at Jamaica House in St Andrew on Wednesday, Wheatley pushed back against suggestions that existing and planned cybercrime legislation is insufficient to tackle modern threats, noting that most malicious cyber activity targeting Jamaican users originates from outside the country’s borders. Even with strong domestic cybercrime laws on the books, coordinating cross-border enforcement to stop transnational scammers and hackers remains a major challenge, he explained.
“We have to encourage our citizens to be very careful and aware of these scams, these attacks that are originating from outside of our jurisdiction, and so that is a responsibility that we all have as citizens to safeguard ourselves from these attacks,” Wheatley told the Jamaica Observer in response to questions about how effectively legislation can target transnational cyber offenders.
While the upcoming national cybersecurity legislation will streamline frameworks for international cooperation to investigate and prosecute hackers operating from abroad, Wheatley stressed that personal vigilance remains an irreplaceable first line of defense against widespread threats including phishing scams, unauthorized account takeovers and ransomware attacks. Drawing from his own personal experience with common phishing attempts, the minister noted that deceptive messages claiming unpaid invoices or locked accounts arrive in inboxes daily, and users bear personal responsibility for taking basic precautions when faced with suspicious correspondence.
Wheatley’s public remarks come as the Jamaican government advances sweeping updates to the country’s cybersecurity architecture, laying the groundwork for upcoming national cybersecurity legislation by moving to establish the National Cyber Security Coordination and Assurance Council (NCCAC). The new council will unify all of Jamaica’s dispersed cybersecurity assets under a single coordinated national strategy.
Just one day before the press briefing, during Tuesday’s parliamentary sectoral debate, Wheatley outlined the urgent need for updated policy, revealing staggering growth in cyberattack attempts targeting the country: more than 49 million attempts were recorded in 2023, a dramatic jump from just 12 million recorded in 2022.
Under the terms of the new legislation, Jamaica will formally establish a national cybersecurity directorate as a permanent statutory body, giving the country’s longstanding cybersecurity authority a formal legal foundation to operate. The law will also create a standardized national framework for identifying and protecting critical information infrastructure across key sectors that underpin Jamaican society, including energy, banking, telecommunications, healthcare, and government operations.
The proposed legislation will mandate minimum cybersecurity standards for all regulated sectors, grant the new directorate enforcement authority to ensure compliance, require clear mandatory reporting of cyber incidents, establish rules for responsible disclosure of unaddressed system vulnerabilities, and formalize regulation for cybersecurity service providers operating within Jamaica’s borders.
Even with these robust legal and structural updates in the works, Wheatley reiterated Wednesday that effective cybersecurity cannot be achieved through policy and enforcement alone. He explained that the vast majority of common, successful cyber attacks rely on social engineering, tricking individual users into voluntarily disclosing sensitive personal or financial information or clicking links loaded with malware.
Beyond phishing schemes that use urgent, deceptive messaging to bait users, the minister also highlighted the growing threat of ransomware attacks, where criminals lock users out of their personal accounts or organizational systems and extort payment in exchange for restoring access. While domestic law enforcement agencies including the Major Organised Crime and Anti-Corruption Agency are tasked with investigating and prosecuting cybercrime within Jamaica’s borders, Wheatley noted that comprehensive protection requires equal investment in both strong legislation and widespread public digital awareness.
Describing the cybersecurity landscape as a “very dynamic space” where threat tactics evolve constantly, the minister confirmed that the Jamaican government will continue adapting its policies and programs to protect citizens and critical infrastructure as new threats emerge. His core public message remains simple: when faced with an unexpected or suspicious message online, if users are unsure of its origin, the safest choice is to avoid clicking any links or downloading any attachments.
“If you’re not sure, don’t click. I think that is the message,” Wheatley said.