%202%20(1).png)
Mexico
Mexico has long maintained ambitions to become a major knowledge economy. Despite the impact of current austerity measures on the science and technology sectors, a steady trajectory in IP growth and a growing community of highly skilled workers present Mexico with positive prospects for its knowledge economy growing in the future. However, its capacity to combat the specific threat of cyber-enabled IP theft remains constrained.
Mexico City - 2006 CC 2.0 Edmund Garman
Key Facts
.svg)
R&D Investments
Patent Applications
Cybersecurity Agency
Mexico's growing knowledge economy, with IP-intensive industries contributing significantly to total economic production and increasing human capital in knowledge-intensive sectors, makes it an attractive target for economic cyber-espionage.
The knowledge economy in Mexico has grown steadily. A 2020 study by IPKey (European Union) and the Mexican Institute of Intellectual Property (IMPI) estimates that IP-intensive industries contribute around 48% of Mexico’s total economic production. Mexico’s knowledge economy is sustained by an increase of human capital and digital transformation. Workers employed in knowledge-intensive employment constitute 21% of the nation’s workforce. In parallel, internet use in Mexico has grown significantly (75.6% of the population now use it), but there’s a digital divide with rural areas, where one in two people lack adequate internet access. Mexico also lags significantly in R&D investment compared to other OECD countries. The austerity measures imposed by the administration of President López Obrador (2018–2024) also affected the science sector, leading to a 7% budget cut for the National Council of Science & Technology (CONACyT) in 2023. Nonetheless, incentives for private companies remain in place, including credits, regional development initiatives and sectoral promotion programs.
Mexico's extensive international partnerships, particularly through its numerous free trade agreements with OECD countries and strong economic ties with China, increase its vulnerability to economic cyber-espionage due to heightened competition for strategic contracts and technology transfers. The US ranks as its primary economic partner and Canada as its third. Additionally, Mexico has an Economic Association, Political Coordination and Cooperation Agreement with the EU, allowing relations with its 27 member nations, including prominent OECD members such as Germany, Spain and France. Meanwhile, Mexico and China concluded a Comprehensive Strategic Association in 2013 that focused on education, science, technology, medical cooperation and environmental and agricultural initiatives.
Mexico doesn’t consider cyber-enabled IP theft as a distinct cybersecurity issue. However, its membership of certain trade agreements, including the United States – Mexico – Canada Agreement, subjects it to stringent data-security and IP-protection standards. That means that IP-intensive companies engaging in trade and cooperation with US and Canadian entities are likelier to have much higher cybersecurity standards. However, there’s no specific federal legislation to combat cybercrime, although proposals for a national cybersecurity law or national cybercrime law are being discussed. Nonetheless, cyber-enabled IP theft is criminalised under the 2018 New Industrial Property Law and the Federal Law on the Protection of Personal Data in Possession of Private Parties. The Federal Police is responsible for the enforcement of those laws.
Despite those measures, Mexico’s national response to cyber-enabled IP theft is undermined by several factors. First, law enforcement against computer intrusion is relatively weak due to under-resourcing and a culture of impunity. It’s estimated that fewer than 5% of cybercrime cases are investigated. Second, there’s a lack of political willingness (including by the former Lopez Obrador administration and the current Sheinbaum administrations) to prioritise cybersecurity. Although the National Cybersecurity Strategy was developed in 2017, its impact is limited, as it wasn’t published in the Official Diary of the Federation (meaning that it wasn’t adopted by government). Third, there’s a lack of coordination and delineation of responsibilities in Mexico’s cybersecurity governance, leading to uncoordinated institutional efforts and leaving the country vulnerable to cyberattacks. Fourth, companies don’t face strict requirements to report cyber incidents, so cases often go unnoticed.
More broadly, Mexico’s defence against cyber-enabled IP theft is undermined by a culture of acceptance of IP theft. According to the National Study on Piracy Consumption Habits carried out by the federal government, only a third of the population of Mexico understands the concept of intellectual or industrial property. It’s estimated that 70% of the population, in 2022, acquired a pirated product. Admittedly, the US Trade Representative’s Special Report 301 places Mexico on its Watch List, which makes the country subject to surveillance due to the risk that IP theft becomes a more urgent matter.
Despite commitments under Mexico’s international agreements, budget constraints have hampered the effective implementation of laws and strategies to reinforce IP protection. IMPI collaborates with public and private entities, nationally and internationally, and adheres to various international conventions to strengthen IP rights. Mexico also actively participates in international discussions on cyber matters, especially through the UN process. But, despite its participation, cybersecurity hasn’t become a central issue in national- and economic-security discourses.
Reported cases of economic cyber-espionage
Name of Incident
