2026 Cybersecurity Gaps Expose Mexico to Numerous Threats

Mexico faces a structural lag in cybersecurity characterized by a disconnection between the regulatory framework and the capacity to respond to incidents, says SILIKN. These events maintain critical levels of frequency and technical sophistication as of late 2025.

The landscape of the country does not derive from a lack of diagnoses, but from insufficient implementation of designed protocols, says the company. The sophistication of threats demands a transition from institutional rhetoric to verifiable tactical capacity. "The central problem of cybersecurity in Mexico is not the absence of strategies or diagnoses, but the persistent distance between design and execution; between formal adherence to international standards and their effective application," says Víctor Ruiz, Founder, SILIKN.

Regional and National Diagnosis

The 2025 Cybersecurity Report: Vulnerability and Maturity Challenges to Bridging the Gaps in LAC, developed by the Organization of American States (OAS) and the Inter-American Development Bank (IDB), places Mexico in a position of persistent vulnerability. Despite the existence of a roadmap that includes the 2017 National Cybersecurity Strategy and the creation of the Digital Transformation and Telecommunications Agency (ATDT) in 2025, the country has not successfully mitigated its exposure to risk.

The government has integrated cybersecurity into high-level planning instruments, such as the 2019–2024 National Development Plan. The state has also sought alignment with international frameworks, specifically the NIST Cybersecurity Framework and the ISO/IEC 27001 standard. However, these actions operate primarily on a theoretical level. Operational reality reveals that Mexico remains one of the primary targets for cyberattacks globally, with intrusion volumes that exceed the installed capacity of the CERT-MX and other response entities, reports SILINK.

Professionalized cybercrime keeps maturing. Criminal groups have adopted scalable business models, such as ransomware as a service, powered by AI and automation tools. While the attacking sector evolves under a logic of technical efficiency, the national defense architecture remains fragmented, with an excessive reliance on reactive measures rather than proactive ones.

Complementary Details and 2026 Perspectives

The disparity between regulatory advances and technical reality is reflected in international indicators. In the Global Cybersecurity Index of the International Telecommunication Union, Mexico occupies an intermediate position that suggests a compromised competitiveness in the digital economy. Deficiencies are concentrated in four critical pillars:

1. Specialized Talent Deficit: A structural lack of professionals trained in digital forensic analysis and complex incident response limits the operations of command centers.

2. Chronic Underinvestment: The cybersecurity market projects growth, but the allocation of resources in public institutions and small businesses lacks solid technical criteria.

3. Judicial Inconsistency: The legal system faces challenges to process cybercrimes due to the lack of specialized training in the chain of custody for digital evidence.

4. Public-Private Disarticulation: Although alliances are mentioned, the exchange of threat intelligence in real time is limited, which prevents a coordinated defense against attacks directed at critical infrastructure.

During 2024, hundreds of billions of intrusion attempts were recorded. In the first few months of 2025, the pace of attacks remained at critical levels, equivalent to several events per second. Mexico is again among the most affected countries in Latin America and within the group of highest global risk regarding threats such as phishing and ransomware.

Toward 2026, the trajectory of cybersecurity in Mexico will depend on the execution of the 2025–2030 National Cybersecurity Plan. If rigorous supervision, audit, and sanction mechanisms are not consolidated, the economic cost of attacks will continue to rise. 

Ruiz says that the transition toward a resilient ecosystem requires that the allocated budget translates into tangible technical capabilities and the hardening of compliance regulations for strategic sectors. Inaction or the continuity of a policy based only on crisis management will represent a systemic risk for economic confidence and the integrity of national critical infrastructure in the short term.