Evaluating Mexico’s New Cybersecurity Plan: Ransomware, Gaps, and the
Mexico's 2025–2030 National Cybersecurity Plan targets ransomware and organized crime, facing a critical test during the 2026 FIFA World Cup amid a history of high-profile...

Executive Summary
Mexico’s newly published 2025–2030 National Cybersecurity Plan represents the most ambitious federal attempt to date to overhaul the country’s digital defenses, but it arrives against a backdrop of persistent ransomware attacks, organized crime exploitation of cybercriminal services, and a looming stress test: the 2026 FIFA World Cup. According to an analysis by Recorded Future’s Insikt Group published June 25, 2026, Mexico faces a threat landscape dominated by ransomware, financial malware, and hacktivism, with the government, healthcare, and financial sectors as primary targets. The plan, published December 4, 2025, by Mexico’s Digital Transformation and Telecommunications Agency (ATDT), outlines benchmarks and indicators rather than new legal frameworks, and its success hinges on political will and institutional capacity, areas where Mexico has historically lagged.
Technical Analysis
Insikt Group’s assessment, drawing on cyber trends from 2020 to 2026, identifies ransomware as the top threat to Mexican organizations. High-profile incidents include a 2022 hacktivist leak of sensitive files from the Secretariat of National Defense (SEDENA), a 2022 ransomware attack on the Secretariat of Infrastructure, Communications, and Transportation (SICT), a 2023 BlackByte ransomware attack against the National Water Commission (CONAGUA), and a 2024 RansomHub attack affecting the Legal Counsel’s Office of the Presidency. State and local institutions have also suffered breaches, including a 2024 exposure of Mexico City government emails and a 2025 intrusion into Yucatán’s Va y Ven transit system.
Mexico ranks among the top five countries globally for documented infostealer and stolen payment card victims, per Insikt Group’s research. The dark web forum DarkForums is identified as the most popular special-access venue for threat actors discussing attacks targeting Mexico. Mexican drug trafficking organizations (DTOs) are known to leverage Chinese money laundering networks (CMLNs) and cryptocurrency to obfuscate illicit funds, and they increasingly solicit cybercrime-as-a-service to evade law enforcement.
The International Telecommunication Union’s (ITU) 2024 Global Cybersecurity Index lists Mexico as a “Tier 2” nation, alongside Canada, Ecuador, and Uruguay, indicating a strong commitment to cybersecurity relative to Latin American peers. However, the ITU notes international cooperation as a growth area, and cybersecurity experts generally perceive Mexico as lagging behind international standards in institutional capacity-building. The ATDT claims the plan will “position Mexico at the forefront of regional cybersecurity,” but previous attempts at national cyber policy have failed to gain political traction. The administration of President Claudia Sheinbaum, with her party’s majority control of Congress, has committed to full implementation.
The 2026 FIFA World Cup, co-hosted by Mexico, will serve as an early test of the country’s ability to maintain operations and access to digital services amid increased tourism and international scrutiny. Insikt Group assesses that state-sponsored cyber activity targeting Mexico remains a significant concern due to the country’s deep integration with US supply chains, its nearshoring-linked manufacturing base, and underdeveloped cyber governance.
Mitigations & Recommendations
Organizations operating in Mexico should enhance threat detection capabilities, prioritize threat visibility, and strengthen incident response planning, according to Insikt Group. Adopting international cybersecurity standards, conducting scenario-planning exercises for ransomware, data breaches, and cyber espionage, and training both employees and the general public on basic cyber safety are recommended. The report emphasizes building a practical understanding of how to respond quickly and effectively when incidents occur, rather than relying solely on policy-level frameworks.
