Introduction
América Latina has become fertile ground for ransomware and other sophisticated attacks. Mexico, in particular, stands out as the second-most attacked country in the region with 13.32% of threats registered in 2023, only behind Brazil (22.61%).
Main Challenges
Insufficient Education and Awareness
Arturo Cabañas, Principal of Compliance and Cloud Security at AWS, identifies two major structural flaws in Mexico’s financial sector: inadequate technical and civic education, as well as a fragmented regulatory environment.
“The primary vulnerability is not technical, it’s human,” Cabañas warned in an interview.
Ransomware, which accounted for 79% of attacks in Latin America compared to a global average of 53%, exploits common user errors such as opening malicious emails, clicking on suspicious links, or using weak passwords.
This weakness is fueled by a widespread lack of training. According to AWS’s LATAM Financial Sector Threat Landscape 2025 report, the region lacks mandatory cybersecurity training standards within financial institutions. Only 25% of organizations in Mexico have implemented a comprehensive cybersecurity plan, despite 77% stating they will increase their budget in this area.
“Even employees at banks and fintech companies lack the necessary training to recognize and respond to threats like social engineering, which can now be replicated using AI-powered voice or a colleague’s writing to request urgent transfers,” said the executive.
Outdated Technology
Another critical issue identified is the use of outdated technological infrastructures. Many Mexican institutions, especially small and medium-sized ones, still operate with legacy systems and unupdated software, creating known vulnerabilities that are repeatedly exploited by groups like LockBit or Mispadu.
The report shows that 94% of regional attacks use tactics like system intrusion, web application vulnerabilities, and social engineering, all preventable with updated technology and good authentication practices. However, only a minority has adopted international frameworks like ISO 27001 or NIST, leaving them below minimum acceptable standards.
“This situation is paradoxical,” Cabañas stated. “Cloud technologies provide agile and cost-effective access to services with over 2,000 security controls. Yet, many financial entities in Mexico still rely on expensive and hard-to-secure on-premise infrastructure.”
Regulatory Disconnect
Mexico, like other Latin American countries, faces a third structural flaw: regulatory disarray. Although the country has regulations allowing and promoting cloud service use, such as the General Law on the Protection of Personal Data, the lack of alignment with international standards remains an obstacle.
“Regulation should be proportionate to the risk,” Cabañas said.
However, the same number of controls is often demanded from a fintech as from a multinational bank, which is inefficient and impractical. This leads to “compliance simulation,” where protocols are declared but not executed, and plans are created but not tested.
The report confirms this disconnect. Although financial institutions show the highest level of cybersecurity awareness in the region, with an index of 0.52 in 2020 (on a scale of 0 to 1), incident response mechanisms score much lower: 0.36 in procedures and 0.47 in monitoring effectiveness.
Economic Impact
The economic costs of these vulnerabilities are significant. In Mexico, the potential impact of cyberattacks could reach up to 90 billion dollars, equivalent to 6% of GDP, if critical infrastructure is affected. Currently, losses from cybercrime in Mexico’s financial sector are estimated at 15 billion dollars.
These costs include ransom payments, lost operations, reputational damage, regulatory penalties, and loss of customer trust. In 2024, LockBit demanded 2.5 million dollars from a Brazilian bank after virtual infrastructure seizure. Similar incidents have occurred in Mexico with groups like Horabot and Blind Eagle.
Moving Forward
Mexico has made progress in some areas: regulatory openness to the cloud, technical talent training, and growing problem awareness.
“We’re not seeing a lack of intentions, but a gap between what is declared and what is actually done,” Cabañas noted.
