The State of Cybersecurity in Mexico in 2024

ManageEngine, a division of Zoho Corp., paints a picture of the situation regarding cybersecurity in Mexico in The State of Cybersecurity in Latin America 2024 report. The company emphasizes an increase in security breaches, decreasing financial losses, the role of artificial intelligence (AI) as a possible solution to this issue, and employee participation to prevent these attacks. 

“In Mexico, there is growing concern about cybersecurity, accompanied by increased investments in this field and initiatives to improve regulatory compliance," the study reads. "Despite this, several challenges persist in the local context, with organizations facing increasing cyber threats in an ever-changing digital landscape."

According to the study, which surveyed 200 security professionals and executives in Mexico, 65% of companies in the country experienced an increase in cybersecurity breaches, exceeding the regional average of 59%. The results show that 68% of security threats target employees, through phishing for example, downloading malicious applications or visiting untrusted websites. In turn, 64% of respondents confirmed that they face threats from external entities, while another 40% of incidents involve employee sabotage, and 23% of threats arise from company partners.

This increase, although worrying, was offset by effective risk management and a proactive approach by organizations, attributed to a combination of factors, such as success in cybersecurity insurance claims (65% of respondents said they were successful in this scenario), proper training of people, and strengthening of their cybersecurity infrastructures. As evidence of this, 34% of respondents who reported having suffered an attack categorized it as "not significant", while only 27% of respondents reported attacks that resulted in "significant" financial losses.

In Mexico, while cyberattacks continue to be a growing threat, the ability of companies to mitigate financial losses indicates a maturity in risk management, which, according to institutions such as Urban or PwC, could increase the confidence of investors and clients in the Mexican market, thus strengthening the business environment.

The study also highlights the crucial role that artificial intelligence (AI) will play both in threat parameters and in defending against cyberattacks. In terms of threat parameters, 47% of respondents acknowledged the extensive use of generative AI in cyberattacks. While 46% stated that generative AI has been used significantly in attacks and 51% will be used during this or the next few years, only 2% believe that this technology will not be used in attacks in the future.

In response to this concern on the part of executives, the role that this technology could play in strengthening defense mechanisms was addressed. "Integrating AI into security tools offers numerous benefits, including enhanced threat detection capabilities, accelerated incident response times, and an improved overall security posture," said Andres Mendoza, Technical Director Southern Europe & LATAM, Zoho Corporation.

92% of respondents believe that AI could be critical to defend against cyberattacks by 2024. Likewise, with respect to process optimization, 84% of respondents in Mexico said they have confidence in AI to make changes, handle attack responses and perform other tasks without the need for manual review prior to implementation, pointing to its anticipatory potential. 

Finally, in response to the high rates of employee responsibility for these attacks, the study indicated that 99% of respondents provide computer security training within their companies. Of this percentage, 81% stated that training is provided within one month of being hired, at the latest.

Results highlight the primary concerns facing security professionals, with the growing number of security issues being the No. 1 stress factor for respondents (59%). It highlights the need to provide adequate preparation for employees, especially in an ever-changing threat environment, support from other departments within organizations who are often unaware of security rules and policies, and the need to close a significant gap between the dynamic threat landscape and the expertise needed to effectively combat them.