The geopolitical landscape, AI-driven threats, and data protection will lead the six trends that will define the global cybersecurity industry by 2026, as organizations shift from reactive measures to comprehensive operational resilience, according to Minsait Cyber. This scenario must be accompanied by an architectural reconfiguration to protect industrial infrastructures and software supply chains throughout Latin America.

“The challenge for 2026 is protecting digital assets, while building organizational resilience against an increasingly volatile, automated, and distributed environment,” says Erik Moreno, Director of Minsait Cyber, Indra Group. “Cybersecurity must align with the business, anticipate risks, and enable a secure adoption of AI.”

The cybersecurity landscape of 2026 is defined by a convergence of technological acceleration and macroeconomic shifts marked by geopolitical tensions and the unregulated adoption of AI. This scenario has consolidated software supply chain attacks as the primary risk vector for organizations, while cybersecurity becomes a strategic factor for operational continuity, competitiveness, and business confidence.

In Mexico, the relevance of this shift is critical. The country’s status as an industrial power and the high interconnection between systems in manufacturing plants, energy systems, healthcare services, and water networks expose the nation to risks that transcend the virtual environment. Moreno says that geopolitical uncertainty in other regions or countries (Europe, Latin America, or the United States) could have direct repercussions for the local economy.

“A single attack on the servers of a well-positioned provider, combined with the high level of interconnection of critical national systems, could affect financial services, transportation services, or even the energy supply of assembly plants in northern Mexico,” says Moreno.

Pillars Defining Cybersecurity Resilience in 2026

The first trend for 2026 links geopolitical changes to AI adoption. The current environment is characterized by persistent cyber warfare, where Distributed Denial of Service (DDoS) and ransomware serve as tools for political and economic pressure. Moreno notes that uncertainty in foreign nations affects national and corporate security in Mexico.

The risk transfers to final sectors and small and medium-sized enterprises (SMEs) through dependence on large technology corporations or hyperscalers. Moreno cites instances where attacks on hyperscalers disabled basic services, including retail payment systems and social networks. Consequently, organizations must strengthen high availability and redundancy capabilities to ensure that global uncertainty does not halt daily operations within industrial infrastructures, hospitals, and energy providers in Mexico. 

As the second trend, Moreno emphasizes that the increasing complexity of multi-cloud and hybrid environments requires the abandonment of traditional security perimeters.

“By 2026, the implementation of Security by Design and Zero Trust Architecture (ZTA) will be the minimum standard for organizations,” says Moreno. “These architectures operate under the principle of never trusting and always verifying, which segments networks to limit the lateral movement of attackers.”

Furthermore, Cyber Security Mesh Architecture (CSMA) provides a modular approach that unifies dispersed security controls for an orchestrated response. The use of Network Detection and Response (NDR) provides advanced visibility of network traffic, which is fundamental for forensic analysis and detecting anomalies in distributed environments. Moreno says that cybersecurity is a cornerstone of reducing the attack surface: “It must no longer depend strictly on information technology departments but integrate into strategic decision-making.”

The third trend identified by Minsait concerns attacks targeting code repositories and public libraries, which are becoming another critical risk vector. The dependence on third parties for application development increases the probability that a vulnerability in an open-source component compromises thousands of organizations simultaneously. By 2026, incidents targeting development pipelines, containers, and open-source dependencies will increase.

The technical response for 2026 includes the systematic use of a Software Bill of Materials (SBOM), a detailed inventory of all software components. Additionally, Cloud Native Application Protection Platforms (CNAPP) allow organizations to monitor and protect the entire development life cycle. Moreno warns of the need for contractual frameworks that guarantee security from the design phase, particularly in software factories that lack mature development practices.

The fourth trend for 2026 concerns security operations: traditional models based on reacting to alerts are insufficient against threats automated by AI. The evolution toward advanced SecOps models involves the use of Security Information and Event Management (SIEM) as a central axis, assisted by AI to reduce alert fatigue. The future Security Operations Center (SOC) will be SIEM-centric and highly automated.

In this context, the transition from traditional vulnerability management toward Continuous Threat Exposure Management (CTEM) allows companies to prioritize risks based on real business impact.

“AI in SOCs will not replace human personnel but will enhance analytical capacity,” says Moreno. “The analysis of attack vectors requires human knowledge that AI does not yet possess, turning AI into a server over an enabler to decrease information overload and improve detection.”

In an ecosystem where information is the most valuable asset, controlling dark data (unclassified data without visibility) has turned into a business priority. Technologies such as Data Security Posture Management (DSPM), Data Loss Prevention (DLP), and Cloud Access Security Brokers (CASB) are essential to comply with regulations and avoid accidental data exposure.

Moreno emphasizes the protection of biometric data, which is categorized in Mexico as highly sensitive. In the telecommunications sector, the management of this information represents a massive reputational and operational risk. The strategy must focus on determining who has access to specific data points. Additionally, the emergence of Shadow AI—the unauthorized use of AI agents by employees—requires governance policies that do not prohibit the technology but ensure the integrity of the processed data.

Finally, Minsait emphasized that digital hygiene remains the greatest weakness for organizations. Insecure configurations, delayed patching, and the use of personal devices through Bring Your Own Device (BYOD) schemes facilitate unauthorized access. By 2026, the company urges organizations to prioritize system hardening and the adoption of Mobile Threat Defense (MTD) to protect corporate mobile fleets. Extending CTEM to configurations and patches will allow for the reduction of exploitable entry points.

“The democratization of cybersecurity is vital for SMEs in Mexico. Since these companies often lack the budget for advanced monitoring technologies, the solution lies in managed detection and response services at accessible prices,” says Moreno. “It is a responsibility of large cybersecurity organizations to establish services with lower costs and higher volume.”

The Current Mexico Landscape 

An obstacle in Mexico is the absence of a cybersecurity law that mandates the reporting of incidents. Moreno questions industry figures on how many organizations in the country are vulnerable, as currently “there is no certainty regarding the number of actual breaches.” This lack of transparency complicates the creation of national strategies based on hard data.

Although Mexico took a small step toward cybersecurity legislation at the end of 2025, Moreno considers the pace to be reactive. “The country moves many steps behind technological advances,” says Moreno, urging a tripartite collaboration among academia, government, and the private sector. “The government must set clear rules and accelerate legislation, while academia orchestrates the relationship between public and private entities.”

Moreno also notes the absence of qualified personnel as a critical gap that requires the establishment of specific cybersecurity careers and professional development programs.

The World Cup, to be held in Mexico, the United States, and Canada in 2026, also presents a specific risk scenario. A massive increase in electronic operations and digital banking is expected during this time. This environment will likely trigger hyper-personalized attacks and sophisticated fraud through AI-driven social engineering.

Moreno identifies this as a crucial moment for fraud prevention. The involvement of the United States in Mexico during the event may also serve as a starting point for improving physical protection, anti-drone technologies, and highway security. “Organizations must treat these dates as a catalyst to establish common protection practices that persist beyond the event,” says Moreno.