Brazil is the second most mature cybersecurity country in the Americas.

The International Telecommunication Union (ITU) published, this Thursday (9/12), the fifth edition of  2024 Global Cybersecurity Index The Global Cybersecurity Index (GCIv5), demonstrating the continued advancement of Brazilian capabilities in this area. In 2018, Brazil was ranked sixth in the Americas; in 2021, third; and in this latest edition, it's the second-most committed country to the ITU's Global Cybersecurity Agenda, encompassing developed capacities in terms of legal measures; technical and procedural measures; organizational structures (governance); training and awareness; and international cooperation.

It is important to note that Anatel, as Brazil's representative in international telecommunications bodies, was again responsible for coordinating and submitting Brazil's response to the fifth edition of the Index. This edition benefited from the collaboration of several essential government agencies and entities, particularly the Presidential Security Office (GSI/PR); the Ministry of Foreign Affairs; and the Brazilian Internet Address Registry (NIC.br).

The fifth edition of the GCI innovates by eliminating ranking classification, based on a decision by Member States adopted at the last World Telecommunication Development Conference held in 2022. Countries will now be classified into groups, with Brazil placed in Group 1 as a model. The full report can be consulted at: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/GCIv5/2401416_1b_Global-Cybersecurity-Index-E.pdf .

See the classification of the countries of the Americas in the figure below.

Additionally, Brazil's contribution to the GCIv5 process and improvement is highlighted, as Anatel led the Correspondence Group and the Regional Center for the Development of the Information Society (Cetic.br) led the development of the methodology for changing ranking to group classifications.

Regarding GCIv4, published in 2021, the main highlights justifying Brazil's position are the enactment of the National Cybersecurity Policy (PNCiber) and the creation of the National Cybersecurity Committee (CNCiber), by Decree No. 11,856, of December 26, 2023; Brazil's adherence to the Budapest Convention, promulgated in Brazil by Decree No. 11,419, of April 12, 2013; the "Hackers for Good" program; Anatel's Certification Acts with minimum cybersecurity requirements (Acts 77/2011 and 2436/2023); the publication of the Cybersecurity Guideline for Telecommunications Service Providers – Basic Level; among other actions related to the five pillars evaluated – legal measures; technical and procedural measures; organizational structures (governance); training and awareness; and international cooperation.

Anatel has been developing various efforts in this area and recently updated its Anatel Cybersecurity Regulation (R-Ciber – Resolution No. 740/2020). R-Ciber, which created the Cybersecurity and Critical Infrastructure Risk Management Technical Group (GT-Ciber) of Anatel, with the aim of strengthening the organizational structures of Brazilian society and collaborating in the development of actions related to cybersecurity. Furthermore, Anatel created on its portal A space dedicated to cybersecurity With existing public policies, available regulations, certification acts, GT-Ciber decisions and the decision repository, studies, and awareness materials.