Overview
- Mexico published its 2025–2030 National Cybersecurity Plan, which cites 16 confirmed critical incidents since 2022 and 155 ransomware victims from 2019 to 2025.
- Experts fault the plan for thin operational detail on OT and critical infrastructure, limited supply‑chain controls such as SBOMs, unclear incident procedures and no multi‑year financing scheme.
- Cloudflare reported a 204% quarter‑over‑quarter jump in blocked attacks in Mexico in Q2 2025, highlighting escalating threat activity.
- ISC2 estimates at least 25,000 cybersecurity vacancies in Mexico, reflecting a skills shortfall that organizations and recruiters struggle to close.
- Kaspersky finds 45% of Mexican leaders unsure how to prioritize security spending and 66% without regular risk assessments, even as many plan new threat‑detection tools (51%) and specialized training (49%) and CISOs flag supplier vulnerabilities as a top risk.