Lack of Cybersecurity Knowledge Affects 52% of Firms: Kaspersky

Over half of the organizations in Mexico have faced cybersecurity incidents as a direct consequence of a lack of knowledge on the subject on the part of their leaders, reveals a Kaspersky study. Ongoing training and clear communication between teams are proposed as the main ways to address this gap.

"You cannot prevent what you do not understand. The lack of cybersecurity knowledge within organizations is cross-cutting. Here, training is key and investing in it is urgent for business continuity," says Jaime Berditchevsky, General Director, Kaspersky Mexico, to DPL News.

According to Kaspersky, 52% of Mexican companies have been victims of cyber incidents attributable to a lack of understanding among management levels. Some 20% of senior managers admit to not understanding the technical terms used by their own IT security teams, which compromises their ability to respond to threats. This gap also affects decision making, limiting the effective allocation of resources, the definition of protection policies, and the adoption of appropriate technologies.

Among the risks most frequently mentioned by Mexican executives are ransomware (26%), advanced persistent threats (21%), and malware (17%). However, knowledge of how they work and their impact is limited. This is especially critical in industrial sectors, where operational disruptions due to cyberattacks can result in financial losses and supply chain disruptions.

The report also shows that 22% of leaders are unaware of the function of a Security Operations Center (SOC), which allows them to monitor and respond to incidents in real time. Likewise, 16% ignore the relevance of vulnerability management and 14% do not know how threat intelligence operates.

The problem is not restricted to senior management. The Connecting the future of business study found that one-third of Latin American executives believe that even their cybersecurity experts have moderate knowledge of threats, reflecting a generalized deficit in technical training. This, in addition to increasing the risk of cyberattacks, can lead to inefficient use of budgets, loss of specialized talent, operational delays, and conflicts between work teams.

To address this situation, Kaspersky recommends that both managers and IT teams stay up-to-date on cybersecurity trends and events to align communication and strengthen decision making. In addition, the company suggests establishing clearer communication channels between specialists and corporate leaders, using understandable and contextualized terms to justify investments in protection solutions.

Transversal training is also essential. Finally, Kaspersky emphasizes the importance of implementing corporate-level security solutions tailored to the specific needs of each organization, responding to the size, sector, and risk profile of each company.