Mexico is moving to harden its digital borders as the government enters a strategic partnership with Microsoft to overhaul its national cybersecurity infrastructure. The collaboration, formalized through a memorandum of understanding, aims to shield the public sector from an increasingly aggressive landscape of ransomware and identity-based attacks.
This initiative is a central pillar of the National Cybersecurity Plan 2025–2030, a long-term roadmap designed to mitigate systemic digital risks and standardize protection across government entities. By integrating Microsoft’s technical resources, Mexico’s Digital Transformation and Telecommunications Agency (ATDT) intends to build a more resilient public sector capable of protecting both state functionality and sensitive citizen data.
The urgency of the agreement is underscored by a sharp rise in cyber aggression. Data from IQSEC reveals that Mexico climbed from 16th place in 2024 to 11th place globally in ransomware attack attempts during 2025. This surge positions the country as the second most targeted market in Latin America, trailing only Brazil.
For those of us who have spent time in the weeds of software engineering, this trend is a familiar, if alarming, pattern. When a nation undergoes rapid digital transformation without a corresponding investment in security foundations, it creates a massive attack surface. Heidy Rocha, Director General of Cybersecurity at ATDT, noted that the digital transformation of the state requires solid foundations of security, emphasizing that government digital services are fundamentally interdependent with information security.
The Identity Crisis: Why the Perimeter Has Shifted
The current threat landscape in Mexico is not just about better malware; it is about the collapse of the traditional network perimeter. In the past, security was about building a “wall” around a network. Today, identity is the new perimeter. If an attacker can compromise a set of credentials, the wall becomes irrelevant.
Research from Permiso Security highlights a critical vulnerability: 76% of cybersecurity professionals report that more than 54% of security incidents in recent months involved identity management issues. This makes the compromise of both human and non-human identities the primary entry vector for attackers.
Non-human identities (NHIs)—such as service accounts, API keys, and automated bots—now represent 44% of all identity types. The risk is compounded by the rise of AI agents. While these tools drive efficiency, they often arrive “over-permissioned,” meaning they have more access to sensitive data than they actually need to function. Ian Ahl, Chief Technology Officer at Permiso Security, has warned that for many organizations, a major incident involving these agents is a matter of time rather than possibility.
Closing the Operational Gap
One of the most concerning aspects of Mexico’s current posture is the time it takes to realize a breach has occurred. There is a significant lag between the moment an identity is compromised and the moment a security team confirms the threat.

| Metric | Current Performance |
|---|---|
| Teams detecting identity threats in < 1 hour | 18% |
| Organizations requiring 1–24 hours to detect breach radius | 61% |
| Organizations detecting identity risks before an incident | 43% |

Microsoft attributes these delays to “tool fragmentation.” Many security teams are forced to juggle between three and 10 separate tools to gain visibility into their identities. This fragmented approach requires analysts to spend between 10 and 40 hours per week manually correlating data, a slow process that agile threat actors easily exploit.
To address this, the partnership will leverage Microsoft’s Secure Future Initiative. This framework focuses on achieving higher protection standards by consolidating security tools and improving the speed of detection and response.
A Roadmap for Public Sector Resilience
The cooperation between ATDT and Microsoft is not merely about software deployment; it is about a cultural shift. Rafael Sanchez, President and General Manager of Microsoft Mexico, described the collaboration as both a responsibility and a privilege, focusing on a framework for exchanging technical knowledge to build safer environments for public institutions.
The roadmap includes several key objectives:
- Institutional Capacity Building: Strengthening the ability of decentralized bodies and public entities to manage their own security posture.
- Continuous Training: Educating public servants in basic cybersecurity hygiene to reduce the success rate of phishing and social engineering.
- Zero Trust Adoption: Moving toward a “never trust, always verify” model where no user or device is trusted by default, regardless of their location relative to the network.
The industry response to these threats is already visible in budget forecasts. Nearly nine out of 10 organizations in Mexico plan to increase their investments in identity security during 2026, with 38% of companies planning budget increases of more than 30% to acquire unified identity security platforms.

As Mexico continues to integrate AI agents and multi-cloud environments into its state infrastructure, the focus will likely shift toward the continuous tracking of non-human identities. Currently, only 50% of organizations claim to track these identities continuously, leaving a window of opportunity for attackers to operate undetected where scheduled audits miss real-time threats.
The next phase of this partnership will involve the rollout of specific training modules for public servants and the launch of national prevention campaigns to consolidate a security-first culture across the federal government.
