The era of isolated enterprise cybersecurity is over. A 68% increase in supply chain attacks, shows that collaborative defense has transitioned from an alternative to a critical operational imperative for survival in the modern digital ecosystem.
“Collaboration among enterprises is essential, as government efforts alone are not enough to counter today’s cyber threats,” says Erick Sánchez, CISO, Cinépolis, during the Mexico Cybersecurity Summit 2025.
An organization’s security no longer depends on its perimeter defenses but on the resilience of its least prepared partner. “Threats have no borders and do not distinguish sectors. Cybercriminals collaborate constantly… If we do not collaborate, our destiny is marked,” says Angélica Arana, CIO, Multiva.
The financial consequences of cyber incidents have reached an all-time high, with an average global cost of US$4.88 million per data breach, according to IBM’s 2025 Cost of a Data Breach Report. Some sectors face higher risks: the healthcare sector records the highest cost at US$9.77 million per incident, followed by the financial sector at US$6.08 million. These figures show that cybersecurity has transcended its technical function to become a pillar of strategy and fiduciary responsibility for senior management.
This growing problem calls for a new approach to cybersecurity, one with collaboration at the center. “We often assume that being competitors means we cannot share solutions. In reality, sharing creates a healthier environment that drives innovation and business growth,” says Ernesto Ibarra, President, Alianza México CiberSeguro.
This approach, however, faces significant barriers, primarily cultural and trust-related. Ibarra explains that businesses in Latin America are very guarded about sharing data and trends that could serve colleagues. Therefore, the first action to strengthen collaboration is to organize the sectors and generate that trust in the ecosystem.
An effective approach to overcome mistrust could be the adoption of zero trust models, which would enable the transmission of data without exposing data confidentiality, says Ibarra.
“The key is to generate reports that allow us to identify attacks that others have already faced, and share gaps without exposing weaknesses. This principle is formalized through protocols such as the Traffic Light Protocol (TLP), which classifies information sensitivity, and is technologically enabled through Threat Intelligence Platforms (TIPs),” says Pablo Mosqueira, General Director and Strategic Partner, QMA/iboss Mexico.
This need for certainty extends to public-private collaboration. “Collaboration is vital in threat intelligence and fraud pattern detection. It must happen within the industry, with support from the government,” says Iván Tapias, Vice President, Security Solutions, Mastercard.
Strengthening the relationship between the cybersecurity sector and the government could help to enhance regulation, so crimes like fraud, card theft, and usurpation are prosecuted, says Sánchez.
Proven models for this collaboration exist. Information Sharing and Analysis Centers (ISACs) offer sectoral intelligence; the Multi-State ISAC (MS-ISAC), for example, prevented over 59,000 attacks for its members in 2024.
In parallel, human training must evolve. The cybersecurity sector faces a structural talent deficit, with a global shortage of 2.8 million professionals. Furthermore, mistakes by individual users are often the entry points for larger attacks. “The weakest link is still the user,” says Arana. Under these circumstances, CISOs play a key role as “they can speak to the board and to general management in terms they understand,” she adds.
As attacks rise sharply and breach costs reach historic levels, cybersecurity has evolved from a technical concern to a strategic and fiduciary responsibility. In this scenario, the CISO gains unprecedented importance, and responsibilities.
“Our role must evolve from technical to strategic. Security must be a business enabler, not just a technical function,” says Óscar Chombo, CISO, Scotiabank.
