Mexico Ranks Fourth in Cybersecurity in Latin America

Mexico ranked 52nd in its commitment to cybersecurity, an 11-spot jump from 2018 according to the International Telecommunication Union report of 2020. The country’s raw score was 81.68, 4th in the Americas.  

The calculated score is derived from a composite analysis of five variables including capacity development, organizational, legal, technical and cooperative measures. Mexico scored the highest in technical measures, which gauges the country’s national framework and preparedness to deal with cyber risks and incidents, thanks to its computer incident response teams (CIRTs) or Computer Emergency Response Teams (CERTs). These allow countries to respond to breaches from a centralized focal point to promote quick and systematic action. Normally, the formation of such response teams follows legislation or national policy; Mexico’s first team was created in 2010.

On the other hand, the country scored lowest in organizational measures, which examine governance and coordination mechanisms within the framework. This requires infrastructure entities to have a concrete understanding of function within the national cybersecurity strategy so that the chain of command can function smoothly in time of need. In addition, it also considers the country’s ability to protect key infrastructure such as electrical grids, water purification plants and transportation systems.   

Just last year, Mexico’s economic ministry suffered a staggering cyberattack on some of its servers, but stated that sensitive information had not been compromised and followed up with added security measures. This is the country's second high-profile attack after hackers successfully deployed ransomware that shut down national oil company Pemex in 2017 and asked for US$5 million in bitcoin. After the attack, the federal government reserved the right to release information about the attack for five years. As a result, people were left unaware if their personal information had been breached. This move also left other private companies clueless on how to protect themselves from similar attacks. Investigative journalism has exposed the gravity of the 2017 attack but a complete understanding might not be possible until 2026.  

Cyberattacks on key infrastructure is becoming more recurring not only within Mexico, but across the world. According Statista, Mexico ranks as the second country in Latin America with the most cyber-attacks after Brazil. The problem persists even after the Inter-American Committee against Terrorism (CICTE) has worked with member nations to “strengthen regional cooperation in security.”

Overall, Mexico has come a long way since 2010, nevertheless its clear that cyberattacks will become even more frequent in the near future and the country needs to prepare for that. As indicated by ITU the country needs to work towards clarifying the tasks of interdependent institutions related to the cybersecurity network so as to avoid a confusing chain of command when it is needed most. In light of last year’s attack, it is clear that it is necessary to increase the budget and strength policies around cybersecurity. Otherwise the next successful cyber-attack will be sooner than later