top of page

Cybersecurity Survey 2023: Critical Lessons for Latin American Entrepreneurs

In previous posts, we have reviewed the first two parts of the 2023 Cybersecurity Survey (download it here) from the Internet MX Association that CyberLat sponsored together with AWS, NYCE, and Cdetech:

On this occasion we will delve into the third part of this Survey: Cybersecurity of Companies in Mexico.

The cybersecurity of organizations is another pillar for their operation since most of their operations are now supported by technological services. The safeguarding of companies is one of the main assets of our country to promote development and innovation.

The Survey is based on information from the INEGI 2019 Economic Census to approximate the number of companies in Mexico: 4.8 million. Of these, 99.8% are micro, small and medium-sized enterprises (MSMEs).

44% of companies consider that they are reasonably prepared for a cyber attack. 31% do not have personnel dedicated to cybersecurity and information security and 54% only use their own knowledge or resources to protect themselves.

29% of companies carry out awareness campaigns only when they suffer an incident. 64% do not have a budget allocated to cybersecurity, and 59% do not have any cybersecurity standard or reference framework implemented.

Most companies have implemented anti-malware software, updates their operating systems and programs, user authentication, and a password update policy. What they do least is identify critical assets and risk analysis, segregate functions and hire external cybersecurity services.

The majority lost less than $50 thousand pesos (25%), followed by those who lost between $50 and $100 thousand (8%). 10% of companies lost between $100 thousand and more than 1 million pesos.

According to the Survey, although the majority of companies were able to recover in less than 24 hours, a significant percentage took weeks or even did not fully recover, suggesting that business continuity planning and disaster recovery strategies Disasters need to be integral components of a company's cybersecurity posture.

Creating a cybersecure environment for the development of our organizations requires collaboration: reporting cyber attacks, raising awareness, training and relying on experts. It is also important that we encourage collaboration between the public and private sectors to build a safer and more resilient digital environment in Mexico.

We have to be clear that if our organization has not been the victim of a cyber attack, it will be. Our main recommendation will always be to invest in prevention and not recovery. Write to us at so we can create a strategy according to the size and budget of your company.


bottom of page