Mexican companies allocate only 3.4% of their IT budget, on average, to cybersecurity, a figure two to four times lower than the global standard (between 7% and 15%), despite the fact that the country accounts for approximately 55% of cyber threats in Latin America, according to data from IDC Mexico and Kaspersky analyzed by IQSEC.
During the first half of 2025, Mexico registered 40.6 billion cyberattack attempts, according to Fortinet data, and 47% of organizations reported losses of between $100,000 and $10 million due to security breaches (PwC, 2025).
The gap widens when analyzing investment relative to revenue. While international benchmarks recommend allocating between 0.4% and 1.5% of annual revenue to cybersecurity, in Mexico the average hovers around just 0.10%, according to estimates based on IDC Mexico (2025), PwC (2025), and Kaspersky (2025). “For a company with revenues of one billion pesos, that’s equivalent to allocating just over three million pesos annually to cybersecurity, compared to the ten million that would mark the minimum of the recommended standard,” explained Sergio Navarro, Pre-Sales Director at IQSEC.
However, there is a turning point. According to the IQSEC study “Cybersecurity Investment in Mexico,” 86% of companies in Mexico plan to increase their cybersecurity investment by 2026, particularly in high-priority areas such as:
threat detection using artificial intelligence (63%),
identity management (55%),
data protection (51%),
cloud security (46%), and
vulnerability assessments (44%).
“We have been warning for years that the question is not if an organization will be attacked, but when. What this data confirms is that systematic underinvestment in cybersecurity is not just a technical risk: it is a financial and business continuity risk that many organizations have not yet translated into their management language,” Navarro stated.
IQSEC highlighted that the most exposed segment is that of companies with revenues between 500 and 2,000 million Mexican pesos. These organizations invest between 0.2% and 0.5% of their revenue in cybersecurity, well below recommended standards.
“The problem isn’t just budget; it’s risk visibility and a lack of cybersecurity specialists. When the financial impact of an incident isn’t measured, it’s difficult to justify preventative investment. That’s where strategic support from specialists makes all the difference,” added Sergio Navarro.
Mordor Intelligence (2025) projects that the cybersecurity market in Mexico will grow from 47.6 billion Mexican pesos in 2025 to 91.8 billion pesos in 2031, with a compound annual growth rate of 11.4%. This expansion not only reflects the increase in the frequency and impact of attacks, but also a greater awareness of the need to protect critical digital infrastructure.
“Organizations that structure their strategy today will be better positioned. Those that postpone the decision will face significantly higher costs,” concluded the IQSEC Cybersecurity specialist.
Surce: computerweekly
