In Mexico, the rapid digitalization of businesses, government agencies, and people’s daily lives has opened up great opportunities—but it has also brought increasingly complex risks that are becoming harder to ignore.
Looking ahead to 2026, the country faces a crucial decision: to seriously strengthen its digital security or face the consequences of threats that could impact the economy, critical services, and public trust.
In this context, Mexico finds itself at a pivotal moment to reinforce its cybersecurity strategy, especially following the federal government’s announcement of a National Cybersecurity Plan and a potential General Law to regulate this area.
These initiatives, led by the Digital Transformation and Telecommunications Agency (ATDT), aim to respond to the rapid rise in cyberattacks now affecting both the public and private sectors.
While the announcement has been positively received, several experts agree that it comes somewhat late. For years, the digitalization of services, procedures, and business operations advanced faster than the capacity to protect them. The result: significant gaps in information security and the defense of critical systems that now demand clearer, more coordinated, and urgent action.
The Cybersecurity Challenge in Mexico
Mexico is going through one of its most challenging periods in terms of cybersecurity. According to various industry analyses, cyberattacks are not only on the rise—they are also becoming more sophisticated.
Threats such as ransomware, phishing, and credential theft continue to top the list, causing significant financial impacts that, in many cases, translate into millions of pesos lost from a single incident.
This risk is amplified by the country’s high level of technology adoption. Today, virtually all large companies—and a significant portion of small and medium-sized ones—depend on the internet to operate daily. While this drives productivity and growth, it also greatly expands the attack surface, requiring far more robust and coordinated security measures.
In addition, digital security experts warn that attacks targeting the public sector could intensify in the coming months. The main causes are familiar: internal weaknesses, lack of proper technical controls, and risk management strategies that often fall short of current demands.
Institutional Progress: Moving from Reaction to Prevention
One of the most relevant aspects of the plan led by the Digital Transformation and Telecommunications Agency (ATDT) is its shift in approach: moving away from a strategy based solely on reacting to incidents and focusing on prevention instead. To achieve this, the plan includes the creation of key structures, such as a National Cybersecurity Operations Center and a national CSIRT (Computer Security Incident Response Team), dedicated to responding to incidents, issuing early warnings, and continuously assessing risks.
Undoubtedly, this proposal represents significant progress for cybersecurity in Mexico. However, its effectiveness will depend on one essential factor: that it comes with a clear definition of responsibilities, well-established coordination processes, and follow-up mechanisms to ensure that the actions do not remain only on paper.
Read more: The Most Shocking Cybersecurity Stories and Cyberattacks of 2025
Lack of Regulation and Mandatory Cybersecurity Standards
One of the main criticisms of the project centers on the lack of clarity regarding roles and responsibilities. While the framework proposes the involvement of government agencies, coordinating bodies, the private sector, and academia, it falls short in defining sanctions and clear accountability mechanisms. This leaves too many unanswered questions about who is responsible and how compliance will be measured.
Another sensitive issue is that although the use of international security standards is encouraged as a reference, their adoption would not be mandatory. In practice, this could lead many organizations to settle for minimal protection levels—clearly inadequate in the face of increasingly sophisticated and automated threats.
International experience shows there are effective paths forward. Countries like Chile have made significant progress by combining mandatory technical regulations, independent audits, and clearly defined sanctions. This kind of approach could serve as a strong reference to reinforce Mexico’s cybersecurity strategy.
Budget: A Step Forward, but Still Insufficient
The budget allocated to the ATDT for 2026 represents progress compared to previous years, but remains limited upon closer analysis. These resources are not dedicated exclusively to cybersecurity, which reduces the real impact of the actions in the face of the current scale and complexity of digital risk.
In other countries, cybersecurity investment is more specifically targeted toward key areas such as protecting critical infrastructure, early threat detection, developing specialized talent, and close collaboration with the private sector. All of these remain important areas of opportunity for Mexico as it moves toward a stronger security posture.
Read more: Complete Guide 2026: ISO 27001 Certification and How to Obtain It
The Legal Challenge and Pending Technical Capabilities
While Mexico already has legal provisions addressing cybercrimes, the effective prosecution of complex attacks remains low. The lack of specialized training in judicial, forensic, and investigative areas limits the State’s ability to adequately respond to incidents involving international networks or critical systems.
That’s why the real cybersecurity challenge in Mexico isn’t just about creating new laws or announcing ambitious plans. The real test lies in developing the technical, operational, and human capabilities needed to implement those strategies in a tangible, measurable, and sustained way.
At TecnetOne, we believe timely information and ongoing preparation make all the difference in facing today’s digital risks. Understanding the cybersecurity landscape helps drive better decisions and strengthens the protection of data, systems, and infrastructure.
If you want to keep learning about digital threats and cybersecurity best practices, subscribe to our TecnetBlog and stay informed.