Mexico's World Cup Moment: A New Cyber Plan Meets Its First Big Test

The FIFA World Cup 2026 is stress-testing Mexico's seven-month-old National Cybersecurity Plan before the country even has a proper cybersecurity law.

ThreatVectr Newsdesk· 3 min read
Aerial 16:9 editorial photograph of a packed football stadium in Mexico at dusk, floodlights blazing over a vivid green pitch, city skyline glowing faintly in t
Share

Key points

  • Mexico adopted its National Cybersecurity Plan in late 2024, roughly seven months before the FIFA World Cup 2026 kicked off, according to a June 25 analysis by threat intelligence firm Recorded Future.
  • Latin American organisations suffered an average of nearly 3,150 cyberattacks per week in May 2025, a 13% rise year over year.
  • An AI-assisted attack hit at least nine Mexican government agencies in 2025, stealing data but failing to reach industrial control systems.
  • Mexico still has no single dedicated cybersecurity law, only a patchwork of overlapping regulations across different government bodies.
  • Recorded Future rated Mexico's digital-security risk as "medium" before the tournament, but noted attacks have risen during the event.

Mexico is hosting three FIFA World Cup 2026 stadiums. That alone would raise the country's profile. But the tournament is doing something else too: forcing a stress test of a national cybersecurity plan that barely had time to leave the printer.

The plan, drafted by Mexico's Digital Transformation and Telecommunications Agency and adopted around seven months ago, sets out targets for 2025. Those include building a National Cybersecurity Centre to track threats and drafting a fuller national strategy by the end of the third quarter. Progress is real. But so is the pressure.

"Cyber risk around the tournament is likely to be elevated, as the event creates a target-rich environment for ransomware groups" (ransomware is malicious software that locks an organisation's files until a payment is made), "hacktivists, fraud actors, and disinformation networks," Recorded Future wrote in its June 25 report.

What does this mean for ordinary people attending or following the tournament?

Fans in Mexico City, Guadalajara, and Monterrey should expect criminals to target booking systems, ticketing apps, and public Wi-Fi networks. Phishing messages, where criminals send fake emails or texts to trick people into handing over passwords or card details, tend to spike around major sporting events. If you receive a message about a ticket refund, a prize draw, or any urgent account action tied to the World Cup, treat it with suspicion and go directly to the official site instead of clicking any link.

The Mexican government set up the "Kukulkán Plan" to coordinate security across host cities, including information-sharing arrangements with the United States, Canada, and FIFA. Risk exercises were run. Stadium perimeters were reinforced. The effort is genuine.

Yet gaps remain. NYU adjunct professor and Latin American telecoms expert José Felipe Otero notes the plan says little about protecting industrial and operational systems, the kind of machinery that runs power grids and water treatment plants. It also does little to address third-party suppliers and the small businesses that make up most of Mexico's economy.

Legislation is another weak point. Mexican financial consultancy Nader Hayaux & Goebel found that several cybersecurity bills have been submitted to Congress, but none has passed. The country still relies on a patchwork of laws spread across different agencies and jurisdictions.

The numbers behind all this are bracing. Organisations across Latin America were hit with close to 3,150 cyberattacks per week in May 2025. That figure, up 13% from the year before, comes from Recorded Future's June report, first covered by Dark Reading.

Mexico will not fix structural gaps before the final whistle. But how it handles the next few weeks may well set the pace for everything that follows.

© 2026 Threat Vectr