Mexico is facing a true digital storm. With more than 324 billion cyberattack attempts per year, the country has become one of the top targets for cybercriminals. But the most alarming threats don’t come from outside: they come from within.
So-called "insiders" — active employees, former staff with unrevoked access, or negligent personnel — are responsible for nearly 70% of the security breaches and data leaks affecting government institutions. In other words, most cyberattacks against the Mexican government originate inside the system itself.
An Internal Cybersecurity Crisis
This isn’t just a Mexican problem. Globally, 68% of breaches are tied to human factors, according to IBM. In Mexico’s case, six out of ten incidents stem from human error: clicking links in phishing emails, reusing or sharing passwords, or leaving credentials uncontrolled.
But there’s an even more alarming figure: 22% of breaches directly involve employees or ex-employees — whether through carelessness or deliberate sabotage or espionage.
In 2024, 63% of Mexican public institutions reported at least one security incident. The hardest-hit sectors were government, finance, and healthcare, accounting for 70% of the most severe events.
Recent Cases: The Enemy Within
Internal attacks have multiplied in recent years. One of the most striking examples was the January 2025 breach in the government of Pachuca. Over 100 sensitive IT department files were leaked — all updated up to the day of the attack, strongly suggesting insider involvement.
But this is not an isolated case:
- In 2022, the Guacamaya Leaks exposed 6 terabytes of confidential data from the Defense Ministry (Sedena), including presidential medical reports and military contracts. The breach was enabled by outdated servers and persistent passwords.
- In 2019, ISSSTE leaked medical records of millions due to internal protocol failures.
- In 2025, alleged hackers claimed to have breached the electoral agency INE, threatening the national voter database. The agency denied a breach but acknowledged unresolved intrusion attempts.
In the same year, eight massive leaks affected various agencies: the Education Ministry (SEP) exposed data on 5,000 students, while the Federal Legal Counsel’s office lost 300 GB of confidential files — all pointing to a pattern of weak internal controls.
The Weakest Link: Credentials, Culture, and Training
The true weakness isn’t in firewalls or antivirus software, but in personnel management. Studies show that half of all leaks in Mexican institutions are caused by ex-employees whose credentials were never deactivated.
Only 12% of public and private organizations are truly prepared for insider threats. The lack of cybersecurity awareness is striking: phishing remains the most effective intrusion method, responsible for 70% of initial access in attacks.
Meanwhile, government investments still focus mostly on perimeter infrastructure — servers, networks, and hardware — without addressing the root issue: people.
Numbers That Reveal the Scale of the Problem
In Q1 2025 alone, SILIKN’s research unit reported over 35.2 billion attack attempts in Mexico. The most affected sectors were government, manufacturing, and finance.
2025 has also seen a wave of incidents exposing poor control and internal vulnerabilities:
- January: President Claudia Sheinbaum’s phone and email were compromised, possibly by phishing or malware.
- February: A DDoS attack disrupted the Latin American Summit for Digital Defenders.
- March: A breach in the Civil Registry (SIDEA-RENAPO) leaked millions of birth and death records to the dark web.
- April: The hacker group Devman paralyzed the Colima government with ransomware.
- May: Exploits in Windows Server were used for remote code execution in federal agencies.
- September: Mexico ranked second in Latin America for ransomware attacks, up 165% from 2024.
Every incident shares a common denominator: human error, poor access control, and lack of prevention.
The Cost of Negligence
Globally, cyberattacks are expected to cost over $10.5 trillion in 2025, and Mexico is worryingly contributing to that figure. The problem isn’t technology — it’s the lack of comprehensive cybersecurity policies.
Experts agree that the country urgently needs a structural reform including:
- Zero Trust policies, where no user or device is trusted by default.
- Periodic credential audits to detect inactive or improper access.
- Mass training programs, as human error still causes 60% of incidents.
- Incident response protocols, to act immediately and limit damage.
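As an illustration of the periodic credential audit recommended above (an added example, not code from TecnetOne or any agency), the following sketch reconciles an HR roster against a directory export and flags enabled accounts that belong to former staff, have no owner, or have gone unused. The field names, the 90-day threshold and all sample records are assumptions constructed for this example.

```python
from datetime import date, timedelta

# Constructed sample data: HR roster keyed by employee id, and a directory export.
HR_ROSTER = {
    "E001": {"status": "active", "end_date": None},
    "E002": {"status": "terminated", "end_date": date(2025, 1, 10)},
    "E003": {"status": "active", "end_date": None},
}
ACCOUNTS = [
    {"user": "alopez", "employee_id": "E001", "enabled": True, "last_login": date(2025, 3, 28)},
    {"user": "bruiz", "employee_id": "E002", "enabled": True, "last_login": date(2025, 2, 2)},
    {"user": "csoto", "employee_id": "E003", "enabled": True, "last_login": date(2024, 11, 5)},
    {"user": "svc-backup", "employee_id": None, "enabled": True, "last_login": date(2025, 3, 30)},
    {"user": "dold", "employee_id": "E009", "enabled": False, "last_login": date(2023, 6, 1)},
]

def audit_accounts(roster, accounts, today, stale_after_days=90):
    """Return (user, finding_code, detail) for every enabled account needing review."""
    cutoff = today - timedelta(days=stale_after_days)
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing to revoke
        owner = roster.get(acct["employee_id"])
        last = acct["last_login"]
        if owner is None:
            # Shared, service or orphaned account: nobody in HR is accountable for it.
            findings.append((acct["user"], "NO_OWNER", "no matching HR record"))
        elif owner["status"] == "terminated":
            # Former employee whose access was never revoked; worse if it was used since.
            if last is not None and last > owner["end_date"]:
                code = "USED_AFTER_TERMINATION"
            else:
                code = "TERMINATED_STILL_ENABLED"
            findings.append((acct["user"], code, f"left on {owner['end_date']}"))
        elif last is None or last < cutoff:
            # Current employee, but the credential sits unused and can be disabled.
            findings.append((acct["user"], "STALE", f"last login {last}"))
    return findings

if __name__ == "__main__":
    for user, code, detail in audit_accounts(HR_ROSTER, ACCOUNTS, date(2025, 4, 1)):
        print(f"{code:26} {user:12} {detail}")
```

A login recorded after the termination date is the finding to escalate first, since it means the credential was not only left active but actually used.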
Most Mexican public institutions lack dedicated cybersecurity teams or a national framework for coordinating efforts.
What the Government Can Learn from the Private Sector
Companies in finance and tech have shown that prevention is more cost-effective than reaction. Strategies like Zero Trust, network segmentation, and ongoing staff training have drastically reduced incidents in organizations handling sensitive data.
At TecnetOne, we believe security doesn’t just rely on tools — it’s built on a strong digital culture. This includes clear access policies, continuous monitoring, password management, and open communication between IT and administrative teams.
The Mexican government could benefit from adopting these practices, combining technology, policy, and education to strengthen its internal defenses.
The Silent Battle Inside Institutions
The data shows the biggest threat isn’t external — it’s internal. Insiders, whether careless or malicious, hold the keys that open the door to attackers. As long as institutions fail to revoke credentials, train their staff, and monitor access, attacks will continue.
Mexico is facing a silent cyber crisis, where any public agency could be tomorrow’s headline. Hackers no longer need to break through firewalls — a single click by a careless employee is enough to let them in.
Conclusion: The Enemy Is at Home
The question isn’t whether the Mexican government is being hacked — it’s by whom.
The numbers show the biggest danger comes from within government walls. While external hackers evolve, public institutions are still unprepared to manage their own environments. The real battle isn’t fought on the dark web, but on the desks, computers, and inboxes of civil servants.
At TecnetOne, we believe the only way to face this threat is to redefine cybersecurity from the inside out — combining technology, clear policies, and continuous education.
Only then can Mexico protect its digital infrastructure and regain the trust of its citizens.
