AI Drives Cybersecurity in Mexico, but Governance Gaps Remain

AI is becoming central to cybersecurity strategies in Mexico’s largest enterprises, yet critical governance and preparedness gaps persist, warns Microsoft in its Cybersecurity 2025: Challenges and Strategies in the AI Era for Large Enterprises in Mexico report. The study outlines how companies are adjusting to an environment shaped by advanced cyber threats and broader digitalization. 

 “The challenge is no longer if to invest in security, but how to scale it with AI and with responsible governance across every layer of the organization,” says Marcelo Felman, Cybersecurity Director, Microsoft Latin America.

The study, conducted by Edelman for Microsoft, indicates that 65% percent of Mexican enterprises perceive cybersecurity threats as an active and tangible challenge. However, only 56% report direct involvement from senior leadership in cybersecurity decisions, which reflects a governance gap that affects risk exposure and operational continuity.

This environment is influenced by expanded cloud adoption, increased remote workflows, and higher volumes of data processing. As a result, cybersecurity planning is now linked to business strategy. Up to 92% percent of specialists confirm that cybersecurity programs are aligned with corporate objectives, which demonstrates that resilience considerations are becoming part of broader operational decision-making.

The assessment of preparedness levels shows uneven progress. Thirty-eight percent of IT specialists consider their organizations highly prepared to address threats, while 43% describe their state as moderate. These figures suggest that many companies continue to strengthen governance structures, controls, and training programs.

Companies report stronger readiness in data privacy management and digital identity oversight. However, significant gaps remain in formal policies governing the use of AI and workforce training related to automated systems. Limited guidance and non-standardized practices influence incident response capacity and the ability to manage algorithmic risks.

Formal cybersecurity strategies are present in 67% of companies. Nearly half of organizations, 47%, report moderate to high dependence on AI for detection and prevention functions. This trend reflects the demand for scalable monitoring and faster analysis of alerts, both of which are difficult to achieve with traditional methods.

The study identifies malware, ransomware, and phishing as the most common threats affecting large Mexican companies. Additional concerns include unauthorized use of Generative AI tools, reported by 20% of companies, and deepfakes, reported by 18%. These risks highlight the need for clear governance frameworks to regulate access and mitigate exposure to manipulated or synthetic content.

Sixty percent of specialists anticipate that AI will have a high impact on cybersecurity practices in the next two to three years. This expectation aligns with the emergence of intelligent agents capable of orchestrating workflows, reducing investigation time, and applying identity and data policies consistently. When combined with large-scale telemetry and Zero Trust controls, these agents enhance defensive capabilities against polymorphic malware, targeted phishing, and misuse of generative tools.

Felman says that Microsoft views the environment as an opportunity to reinforce security commitments. The company references its Secure Future Initiative as a framework designed to support organizational resilience. The initiative promotes readiness, stronger security culture, and adoption of practices that protect critical data and operations, linking modernization efforts with risk management.

Investment priorities reflect this shift. Companies are focusing on cloud security, AI-enabled solutions, and advanced intelligence and monitoring systems. These priorities aim to strengthen prevention, detection, and response functions as enterprises face adversarial techniques influenced by AI automation.

The study includes six recommendations for companies operating in this environment:

• Make security a leadership priority to ensure proper oversight of cyber risk.

• Strengthen digital hygiene by protecting identities, securing cloud perimeters, and monitoring assets continuously.

• Improve resilience through vulnerability assessments, response planning, and operational training.

• Invest in workforce development to align human capabilities with new technologies.

• Prepare for emerging risks by exchanging threat intelligence and maintaining adaptive models.

• Promote secure usage by implementing systems that guide users toward compliant actions.