More than 90% of Mexican organizations tend to maintain or grow their IT security budget, but only 46% of them have implemented a proper strategic plan, according to consultancy Ernst & Young's 13th Global Information Security Survey.
"Compared with last year, most Mexican organizations have kept or increased their investment in areas such as IT security, but more than half of them do not have a formal strategy," said the consultancy's risk assignment service (RAS) senior manager Ricardo Lira.
According to Erika Saucedo, another RAS senior manager, internal security attacks have increased 47% in Mexico.
"Social networks, cloud computing and mobile devices are part of the problem for the increased security risks in Mexico (56%) and worldwide (60%) compared with last year, because they are more exposed to data loss and unauthorized platform access," she said.
One issue highlighted by the report was the tendency in Mexico to focus more on organizational policies than on creating preventive controls for subjects like security.
Recently, Mexico's government approved a personal data protection law, which according to Ernst & Young will allow companies to protect their brands and reputations.
"We think that this new law will create adjustments in organizations' priorities regarding information security," Lira added.
Among the 1,586 organizations surveyed worldwide - of which 91 were from Mexico - only 28% are considering new IT security risks in their action plans. Of this group, only 50% have kept their existing actions plan up to date and in line with business goals.