In her First State of the Union Address, Claudia Sheinbaum painted a picture of a modern, digital Mexico striving for technological sovereignty. The speech highlighted digital identity, space projects, nationwide connectivity, and new innovation-focused institutions. On the surface, it seemed like Mexico was preparing for the future.
But when the topic shifts to cybersecurity, the outlook quickly deteriorates. What’s portrayed as a solid strategy is, in reality, a collection of good intentions with no immediate execution. And that’s the problem: cyberattacks don’t wait. While plans are being drafted, cybercriminals are acting fast, exposing the state’s lack of preparedness.
At TecnetOne, we want to help you understand this scenario. Because this isn’t just a government issue—the lack of cybersecurity action affects businesses, users, and the daily lives of millions of Mexicans.
What the Government Is Claiming
In the report, the government highlighted:
- Protection of the gob.mx domain
- Implementation of an early warning system
- A General Cybersecurity Policy still in development
- Draft regulations and preliminary diagnostics
It all sounds great on paper. But the problem is time. While the administration celebrates drafts, cybercriminals are launching attacks measured in weeks, days, or even seconds.
Similar titles: Ransomware in Mexico: Cyberattacks Cause Major IT Sector Losses
The Hackers Are Much Faster
Cyberattacks targeting Mexico show clear characteristics:
- Blazing speed — hundreds or thousands of attempts per second nationwide
- Constant activity — attacks happen 24/7, every day of the year
- Increasing sophistication — AI, automation, and economic/political motives raise the threat level
In this context, responding with unfinished policies is like facing a hurricane with a broken umbrella.
What’s Being Done (and What’s Still Missing)
The government celebrated training nearly 3,000 young people in cybersecurity and programming through the Public School of Code. While any educational effort is positive, Mexico’s specialist shortage is measured in the tens of thousands.
Boasting such modest numbers isn’t enough. It sounds more like an attempt to show results than to solve the problem.
Talking about “digital sovereignty” or “space projects” rings hollow if basic priorities—like protecting government servers, securing critical infrastructure, or building a strong cybersecurity workforce—are still underdeveloped.
The Lack of Open Collaboration
Another major concern is the absence of collaboration with the private sector and cybersecurity experts. So far, the government has not called for broad roundtables or commissioned studies involving independent specialists.
It seems to prefer the advice of politically aligned advisors—something we’ve seen before in other areas—and in cybersecurity, that could be extremely costly.
How Mexico Should Approach Cybersecurity
Cybersecurity isn’t a speech topic—it demands execution, expertise, and urgency. You don’t just need engineers. You also need ethical hackers, auditors, forensic analysts, psychologists, lawyers, and educators to cover every angle.
Any solid national strategy should rest on three pillars:
Constant Technology Updates
Invest in advanced solutions and apply security patches regularly. Don’t wait for local tech to become available—use the best on the market now.
Massive Training and Awareness
Train every government employee (regardless of their level), and educate the public. A solid cybersecurity culture begins with understanding risks and how to act.
International Standards and Response Plans
Adopt proven frameworks like ISO 27001 or NIST to handle incidents properly, with clear recovery procedures.
Also of interest: Mexican Water Infrastructure Under Fire: Rising Cyberattacks
Time Is the Enemy
The most urgent priority isn’t writing more plans—it’s executing measures now. Mexico is falling behind compared to the speed and agility of cybercriminals.
While we’re still debating drafts, attackers are already using:
- Advanced malware
- Targeted ransomware
- AI-based techniques
If action isn't taken, we’ll continue to see:
- Massive data breaches in public institutions
- Ransomware attacks that paralyze organizations
- Risks to critical infrastructure, like water, energy, and transportation
A Long-Overdue Law
This entire situation points to something Mexico has delayed for years: a Cybersecurity Law.
We need legislation that defines responsibilities, allocates resources, and puts enforceable rules in place to truly protect the country.
Once again, time is against us. Every day without a legal framework is another day criminals get ahead.
The Government’s Big Blind Spot
Ultimately, the issue isn’t what’s being said—it’s what’s not being done:
- No clearly defined resources
- No assigned responsibilities
- No urgency to match the scale of the threat
Cybersecurity in Mexico is in a dangerous limbo. What’s needed isn’t endless diagnostics or flashy presentations, but immediate action and coordinated response.
At TecnetOne, we believe protecting digital infrastructure is about protecting people’s lives. Cyberattacks aren’t a future threat—they’re a present reality. And trying to fight them with half-finished plans is as useless as trying to block out the sun with your hand.
