Carlos Vela, partner in the Information and Communications Technology practice at the Baker McKenzie law firm, explains that when a cyber attack occurs, where user information is stolen, government entities are required by law to notify the people of the breach, however, do not.
“Privacy and data protection laws were created to regulate governments, but the problem is that they are not followed promptly due to a lack of information protection compliance culture and, above all, due to a lack of incentives, fines or strong sanctions, so that they really take care of the information of the users ”, he assures.
Mexico has become one of the most vulnerable nations in Latin America in terms of cybersecurity. According to information from Kaspersky, it is the second in the region to receive attacks from malwarewith 298 attempts per minute.
What about companies?
Unlike the government, says the expert, multinational companies are the ones that report the most cyber attacks to the National Institute for Transparency, Access to Information and Protection of Personal Data (INAI), since, if they do not, they may be creditors to fines amounting to more than a million dollars.
According to PwC’s Digital Trust Insights 2023 Mexico edition study, Mexican companies are more prepared to face and prevent cyber attacks, unlike in 2020.
Seven out of 10 companies will increase their cybersecurity budget in 2022, 14% more than the previous year. However, they recognize that there are still capabilities that need to be strengthened to reduce the risks of attacks, for example, threat detection, regulatory compliance or collaboration between teams.
Among all, small companies are the ones that notify the least of a hack, since they are not aware of the obligations they have by law.