In the face of increased threats from hackers and third-party service providers, according to the report, half of all respondent organisations in Mexico declared to having experienced a data breach.

Identified threats and priorities

With half of respondents having experienced a data breach, it’s unsurprising that a high number (42%) rate hackers as a threat that might expose sensitive data, the highest rate globally and well above the global average of 29%.

Despite this concern, just a third (34%) of those organisations have a consistently applied encryption strategy, below this year’s global average of 50%. This lack of consistent adoption seems to be driven by challenges in discovering where sensitive data resides, which was cited as the biggest challenge when planning and executing an encryption strategy in Mexico - although the rate (51%) is below the global average (65%). The fastest-growing challenge is classifying which data to encrypt, which is up from 30% last year to 43% this year.

When it comes to what data is being encrypted, 55% of respondents in Mexico said their organisations are encrypting payment related data, while 46% of respondents say customer information is most often encrypted and 43% encrypt employee/HR data.

But encrypting this data requires managing encryption keys. For respondent organisations in Mexico, the pain associated with key management is increasing, with 62% reporting a high rate of overall pain associated with managing encryption keys. This is up from 61% last year and is higher than this year’s global average of 56%.

Furthermore, three quarters (76%) of respondents in Mexico rate lack of skilled personnel as a top reason that makes key management painful; this is the highest rate worldwide for the 3rd straight year. The second highest reason is no clear ownership, which was ranked by 51%. Additionally, training users to use encryption appropriately is rated as a greater challenge for those in Mexico than in other regions (19% vs. 14% globally), and has been higher than the global average for five straight years.

The growing role of hardware security modules (HSMs)

For the second straight year, when rating important features associated with encryption solutions, organisations in Mexico rank tamper resistance by dedicated hardware (e.g., HSM) at the highest rate worldwide (72% vs. 50% globally). However, the rates of hardware security module (HSM) adoption reported by respondents is low, with 31% of respondent organisations in Mexico using HSMs (vs. 49% globally).

The top HSM use case for respondents in Mexico is application-level encryption at 44%. This is up from 39% last year although lower than this year’s global average of 47%. The second highest HSM use case is container encryption/signing services at 41% (vs. 40% globally). When using HSMs to protect cloud applications organizations in Mexico (46%) show a higher preference than the global average (41%) to use HSMs they own and operate.

Over the next 12 months organisations anticipate greater use of HSMs for several use cases, including the already leading use case of application-level encryption being expected to increase from 44% to 60%. Big data encryption is expected to increase from 19% to 31%, while public cloud encryption including for Bring Your Own Key (BYOK) deployments is expected to increase from 16% to 29%.

External and internal challenges

“This year’s research shows that organisations in Mexico are facing challenges from every direction. From outside they appear to be facing a barrage of attacks from hackers and from the inside, when looking to adequately protect their data, they struggle to know what data to encrypt and where to find it,” said José Rivera, sales director, LATAM region, Entrust. “The third challenge for those in the region looks to be that of an acute skills shortage and as organisations across Mexico look to use encryption solutions as a key part of their data protection, they will need not just HSMs that offer scalability and tamper resistance to help manage their encryption keys, but also sourcing those HSMs from a trusted partner that can help provide the relevant skills and education needed to employ this technology as part of a consistent strategy throughout the business.”