AI Risks Outpace Readiness in 88% of Mexican Companies: Cisco

Eighty-eight percent of enterprises in Mexico have experienced AI-related cybersecurity incidents, while only 2% report being fully prepared to face these threats, reveals Cisco's Cybersecurity Readiness Index 2025.

"The rapid adoption of AI-based technologies has not been matched by an equivalent maturation in cybersecurity infrastructure and policies," Cisco's report warns.

The accelerated integration of AI solutions into corporate environments has expanded the attack surface in organizations, introducing new cyberattack techniques that exploit vulnerabilities still poorly understood or addressed. Globally, 86% of companies have faced AI-related incidents, but Mexico exceeds this average with 88%, reports Cisco.

This situation reflects not only rapid technology adoption, but also a critical gap in operational and structural preparedness against automated threats. This information matches other industry studies such as Fortinet Labs' Global Threat Report 2025, which revealed that Mexico received 324 billion cyberattack attempts during 2024.

"Our latest FortiGuard Labs report makes one thing clear: cybercriminals are accelerating their efforts, using AI and automation to operate at unprecedented levels of speed and scale," writes Derek Manky, Head of Security Strategy and Global VP of Threat Intelligence, FortiGuard Labs, in a press release.

The Cisco report highlights that tools such as ChatGPT, Gemini, or Deepseek are being used without clear guidelines or robust controls, creating environments prone to unauthorized access, data leakage, and sophisticated attacks using techniques such as prompt injections, data poisoning or model theft.

Study details

The study reveals that 24% of Mexican organizations allow unrestricted access to public Generative AI platforms. In addition, the phenomenon known as shadow AI, which involves the unauthorized use of AI tools for work purposes, has been observed by 63% of companies, which say they do not have the capacity to detect these unregulated uses.

Only 50% of cybersecurity leaders in the country believe their employees understand AI-derived threats, and 51% believe their technical teams do not fully understand how attackers exploit these tools. This implies a significant gap in training, monitoring, and technology governance.

Up to 75% of companies say that the fragmentation of solutions prevents a coordinated and effective response to incidents. Although 95% plan to upgrade their IT infrastructure, only 41% allocate more than 10% of their budget to cybersecurity, a drop of eight percentage points from the previous year.

The environment is exacerbated by the use of unmanaged devices: 83% of organizations allow connections from terminals not controlled by their IT departments. As a result, 58% of technical teams lack visibility into how users interact with generative AI tools.

In parallel, the shortage of specialized talent persists as a limiting factor. Ninety-one percent of companies report difficulties in recruiting qualified cybersecurity personnel, and 45% report more than ten unfilled vacancies in this area.

Future Scenario

Cisco assessed five dimensions to determine readiness maturity: identity intelligence, machine reliability, network resiliency, cloud hardening, and AI fortification. Globally, maturity levels are low: only 6% of surveyed companies have achieved advanced readiness in identity intelligence, 12% in machine reliability, 7% in network resilience and AI fortification, and just 4% in cloud hardening.

In Mexico, short-term expectations reflect this vulnerability. About 53% of companies consider it likely that a cyberattack will disrupt their operations in the next 12 to 24 months, underscoring the urgent need to strengthen technological capabilities, internal policies, and human capital.