TLDR: A recent Proofpoint study, ‘Voice of the CISO 2025,’ reveals that 80% of Chief Information Security Officers (CISOs) in Mexico anticipate a significant cyberattack within the next year. Their primary concerns revolve around human risk and data loss, largely exacerbated by the rapid adoption of Generative AI. Despite high perceived risks, over half (57%) of organizations are unprepared for a cyber incident, and 42% have already experienced material data loss. Human error is cited as the top vulnerability by 88% of Mexican CISOs, the highest globally. While 81% prioritize enabling Generative AI, 58% fear customer data loss through public platforms, leading to a shift from restriction to governance, with 84% implementing usage guidelines and 87% exploring AI-based defenses.
Chief Information Security Officers (CISOs) in Mexico are facing a heightened and complex cybersecurity landscape, with a significant majority bracing for imminent cyberattacks. According to Proofpoint’s ‘Voice of the CISO 2025’ report, a striking 80% of Mexican CISOs expect their organizations to suffer a material cyberattack within the next 12 months. The study pinpoints human risk and data loss, particularly those driven by the burgeoning use of Generative AI, as their foremost concerns.
Luis Isselin, Country Manager of Mexico at Proofpoint, highlighted the dual nature of the current technological shift: “Mexican organizations are going through a key moment in which innovation and risk coexist; Generative AI is transforming how companies operate, collaborate, and defend themselves, but it also introduces new vulnerabilities around the protection and misuse of data.” Isselin further noted an “encouraging push toward responsible AI governance, where CISOs balance the need to innovate with the duty to protect.”
The 2025 analysis identifies two overarching trends: the increasing frequency and sophistication of cyberattacks, which fuels anxiety among CISOs, and the swift ascent of Generative AI, compelling leaders to navigate innovation while managing new risks of data exposure and misuse.
Despite the high awareness of potential threats, a substantial gap in preparedness persists. While eight out of ten CISOs in Mexico foresee a material cyberattack, more than half (57%) confess their organizations are ill-equipped to respond. This vulnerability is underscored by the fact that 42% of CISOs in the country reported experiencing material data loss in the past year, primarily due to external compromise and third-party attacks.
Human error remains the Achilles’ heel of cybersecurity. A staggering 88% of Mexican CISOs identify the human factor as their main risk, a figure that leads globally. This perception stands in stark contrast to the 82% of executives who believe their employees understand security best practices, indicating a disconnect between awareness and actual secure behavior. A critical finding reveals that 98% of CISOs who experienced data loss attribute some responsibility to departing employees.
Generative AI is a double-edged sword for these security leaders. Eighty-one percent of Mexican CISOs consider enabling Generative AI tools a strategic priority for the next two years. However, nearly three out of five (58%) express apprehension about potential customer data loss through public Generative AI platforms. The main Generative AI-related risks identified are chatbots (53%) and collaboration platforms (38%).
In response, organizations are shifting from outright restriction to strategic governance. Eighty-four percent already implement usage guidelines, and 87% are actively exploring AI-based defenses. Nevertheless, 61% of companies still completely restrict employee use of these tools.
The broader threat landscape is diverse, with ransomware topping concerns at 55%, followed by cloud account takeovers (42%), email fraud (41%), and malware (41%). The severity of these threats is reflected in the fact that 84% of Mexican CISOs would consider paying a ransom to restore systems or prevent data leakage, matching Canada for the highest rate globally.
The pressure on CISOs is immense, with 87% reporting excessive expectations and 81% having experienced or witnessed burnout in the past year. While 79% believe their board of directors aligns with their cybersecurity vision, 22% still feel they lack adequate resources to achieve their objectives. Post-cyberattack, boards are most concerned with business valuation, reputational damage, loss of sensitive information, and significant operational interruptions.
Also Read:
- Salesforce Unveils Agentforce for Autonomous Enterprise AI; Industry Grapples with Agentic AI Security Risks
- New MAESTRO Framework Bolsters Security for Generative and Agentic AI Systems
The report is based on a survey of 1,600 CISOs across 16 countries, including 100 executives in Mexico, from organizations with 1,000 or more employees across various industries.
