Technological infrastructure in Mexico has soared in the past two decades. Earlier this year, the Wilson Center reported that only 5% of Mexicans (about 5 million people) had Internet access in 2000, but that number now stands at 48% (about 62 million people).
This increase in Internet access has greatly benefitted Mexican businesses. It has the thirteenth largest economy in the world, and is reportedly on pace to challenge the top five countries by 2050. However, this growth comes with greater exposure to cyber threats and a responsibility to put in place measures to mitigate the risk – something Mexico has failed to do.
Cybersecurity laws are poorly enforced
Mexico faced approximately 10 million cyber attacks in 2014, which are the most recent figures the Wilson Center has access to. The lack of accurate reporting is itself part of the problem.
Mexican law states that data controllers must immediately notify data subjects when a breach occurs, but this requirement is poorly enforced and very few organizations comply. Many organizations have expressed their concern that, because so few breaches are reported, choosing to buck the trend will damage their reputation and create the impression that they are less secure than their competitors.
Stricter breach notification requirements will shed more light on the state of cybersecurity in Mexico and encourage organizations to address the issue. However, the Wilson Center also lists other serious problems: “Mexico does not have a national governance roadmap for security in cyberspace. Its main vulnerabilities are a lack of a cyber security culture, [poor] system configuration, outdated […] technology, and application problems.”
Becoming more cyber secure
The Wilson Center believes that the Mexican government and private firms need to work together to improve the country’s cybersecurity defenses. Public and private authorities both need to increase their cybersecurity budgets, and they should commit to jointly funded initiatives improving infrastructure.
However, organizations need to remember that cybersecurity is ultimately their own responsibility. To help manage their cybersecurity obligations, organizations should implement an information security management system (ISMS).
An ISMS is a framework of policies and procedures that includes all the organizational and technical controls necessary to protect an organization’s information assets.