There are still people who believe cyberattacks are a distant thing or exclusive to large corporations. But the reality is different: digital crime has become routine. Silent scams, data leaks, fraud, and system invasions have paralyzed operations, destroying reputations and causing losses that go far beyond the financial.
In 2024 alone, the number of digital crimes in Brazil grew by 95% compared to the previous year, according to Check Point Software. And the trend continues to rise in 2025. Artificial intelligence, used by companies to detect risks, is also being exploited by criminals to create increasingly sophisticated scams. A recent survey by Cisco showed that 93% of organizations already use AI to protect themselves, but 77% have been attacked with the help of the same technology. With advancements, criminals can create extremely realistic fake communications that deceive even the most attentive and lead to mistakes.
For Allan Costa, CEO of ISH Tecnologia, the cyber threat is no longer a future possibility—it is a constant reality. “Digital security has become everyone’s conversation. Everyone says they practice it. But in practice, when we analyze the maturity level of companies, most are still taking baby steps. They talk a lot, do little.”
In Allan’s view, digital security goes far beyond technology; it involves risk, trust, and reputation, and needs to be on the board’s agenda, not just in the hands of the IT department. “Nothing in digital security is 100% safe. There is no silver bullet”, he warns.
He argues that every company must assume incidents will happen and, therefore, the focus should be on rapid detection and immediate response. This means having monitoring structures like SOCs (Security Operation Centers) and MDRs (Monitoring, Detection, and Response) operating 24/7. “Hackers don’t keep business hours. Your defense needs to match that pace”, he reinforces.
In the CEO’s view, an effective strategy combines technology, processes, and people, with continuous investment even when success seems invisible—when ‘nothing happens.’ Additionally, he warns that many attacks start with human failures, such as clicking malicious links, using weak passwords, or careless behavior on social media.
As an example, he explains that in all proof-of-concept tests conducted by ISH with new clients, there are always leaked data already available on the deep or dark web. This shows that many times, companies don’t even know they are already exposed.
Allan also shares personal recommendations: using strong passwords and changing them regularly, avoiding public Wi-Fi, and, if possible, keeping banking devices separate from those used for regular browsing.
Marcos Koenigkan, entrepreneur and president of the Mercado & Opinião group, has been promoting meetings with top leaders in the country. This month’s theme was precisely cyberattacks.
“We are living in a moment where business continuity depends directly on the ability to protect data, processes, and reputation. It’s no longer a question of protecting against an attack but how your company will resist and react when it happens”, he states.
For Marcos, the role of leadership has never been more decisive. “Digital security must start at the top. It’s a strategic choice that impacts brand value, customer relationships, and business sustainability.”
He further highlights that the current challenge is not just in investing in tools but in creating an organizational mindset focused on prevention, preparation, and intelligent response. “Security is routine, culture, leadership decision-making. And this needs to be part of the company’s strategy,” he concludes.
Paulo Motta, Marcos Koenigkan’s partner at Mercado & Opinião, reinforces: “We need to understand that security is not achieved with a single action—it’s routine, process, and awareness at all levels of the company.”
With cyberattacks becoming increasingly prevalent, prevention remains the best defense for businesses. It starts with engaged leadership, strategic decisions, and a real shift in how companies approach digital security—not as a cost, but as a priority to ensure trust, continuity, and growth.
