Daryus, a consultancy and educational institution specialized in information security, cybersecurity, resilience and risks, has released the results of its first National Survey “Cyber 360o”. The study offers a detailed analysis of emerging threats and protection measures adopted by Brazilian companies, highlighting both the advances and challenges faced.
The survey, which was attended by 200 IT and cybersecurity professionals from companies of various sectors and sizes, reveals that organizations are at different stages of cybersecurity maturity. While 80% of respondents rate the maturity level of their companies as high, 20% are still in the early stages of developing their security programs.
Jeferson D’Addario, CEO of Daryus Group, emphasizes the importance of a comprehensive approach: “A high level of cybersecurity maturity goes beyond the implementation of technologies and policies.It is about creating a mindset and a culture of secure digital transformation
The survey also highlights that 84% of respondents consider employees as one of the main entry points for cyber threats such as scams and phishing.In addition, 56% point to third parties contracted and 43% mention suppliers as sources of vulnerabilities.
The scenario is especially worrying in a time of decentralized work, with many professionals in home office.“A lack of adequate protection creates a false sense of security that can cost dearly in the event of an incident. Only annual lectures and phishing campaigns are not enough”, warns D’Addario.
Another relevant fact is that 90% of companies have teams dedicated exclusively to cybersecurity. However, this structure varies significantly: 55% have robust teams, with five or more professionals, while 35% have less than five. Worryingly, 10% of companies still do not have any professional dedicated to the topic.
Preparation to respond to cybercrime is also a point of attention. Although 72% of companies consider themselves prepared, the prevalence of attacks such as phishing (66%) and ransomware (61%) suggests that preparedness does not mean immunity. “Preparation involves effective incident detection and response capability, as well as” crisis management, explains D’Addario.
The survey also reveals that 64% of companies offer attack simulations, 57% provide periodic refresher training and 67% propose initial training for new employees.“Cyber resilience is a matter of leadership and business strategy”, adds D’Addario.
In risk management, 13% of companies do not yet have a risk management plan, and 20% do not review their plans regularly.The rapid evolution of cyber threats (58%), digital transformation (52%) and data protection and privacy (50%) are the main factors considered in the implementation of risk management plans.
The COVID-19 pandemic has accelerated digital transformation, increasing the need for a robust cybersecurity program. According to the survey, 49% of companies stated that investing in cybersecurity in the next 12 months is a high or very high priority. “Technology alone is not the answer; it also requires a management of mindset and culture to better manage” risks, concludes D’Addario.
The study was conducted by Daryus under the leadership of its education unit, IDESP ' Daryus Institute of Higher Education Paulista, with the support of AIQON, Netwrix, Syxsense, Security First and Becker Group, between May and August 2024.
