Daryus, a consulting and educational institution specializing in information security, cybersecurity, resilience and risks, released the results of its first National Survey "Cyber 360º". The study provides a detailed analysis of emerging threats and the protective measures adopted by Brazilian companies, highlighting both the advances and the challenges faced.
The research, which involved the participation of 200 IT and cybersecurity professionals from companies of various sectors and sizes, reveals that organizations are at different stages of maturity in cybersecurity. While 80% of respondents rate the maturity level of their companies as high, 20% are still in the early stages of developing their security programs.
Jeferson D'Addario, CEO of the Daryus Group, emphasizes the importance of a comprehensive approach: "A high level of maturity in cybersecurity goes beyond the implementation of technologies and policies. It is about creating a mindset and a culture of secure digital transformation."
The research also highlights that 84% of respondents consider employees to be one of the main entry points for cyber threats, such as scams and phishing. Furthermore, 56% point to contracted third parties and 43% mention suppliers as sources of vulnerabilities.
The scenario is especially concerning in a time of decentralized work, with many professionals working from home. "The lack of adequate protection creates a false sense of security that can be costly in the event of an incident". "Annual lectures and phishing campaigns are not enough", D'Addario warns.
Another relevant piece of data is that 90% of companies have teams dedicated exclusively to cybersecurity. However, this structure varies significantly: 55% have robust teams, with five or more professionals, while 35% have fewer than five. Worryingly, 10% of companies still do not have any professional dedicated to the topic.
Preparedness to respond to cyber crimes is also a point of concern. Although 72% of companies consider themselves prepared, the prevalence of attacks such as phishing (66%) and ransomware (61%) suggests that preparation does not mean immunity. Preparation involves the ability to detect and respond effectively to incidents, in addition to crisis management, explains D'Addario.
The research also reveals that 64% of companies offer attack simulations, 57% provide periodic refresher training and 67% offer initial training for new employees. "Cyber resilience is a matter of leadership and business strategy", D'Addario adds.
In risk management, 13% of companies still do not have a risk management plan, and 20% do not review their plans regularly. The rapid evolution of cyber threats (58%), digital transformation (52%) and data protection and privacy (50%) are the main factors considered in the implementation of risk management plans.
The COVID-19 pandemic accelerated digital transformation, increasing the need for a robust cybersecurity program. According to the research, 49% of companies stated that investing in cybersecurity in the next 12 months is a high or very high priority. "Technology alone is not the answer"; it is also necessary to manage mindset and culture to better manage risks, concludes D'Addario.
The study was conducted by Daryus under the leadership of its education unit, IDESP – Daryus Institute of Higher Education Paulista, with the support of AIQON, Netwrix, Syxsense, Security First and the Becker Group, between May and August 2024.