RIO DE JANEIRO, BRAZIL – On average, 46% of Brazilian companies invest up to US$1 million a year in cybersecurity.
The same amount is invested by a much smaller portion – 21% on average – of companies in Singapore and G7 members (Germany, Canada, United States, France, Italy, Japan and United Kingdom), since a large part of their system protection budgets range from US$1 million to US$5 million per year.
The comparison is included in a study by the American Palo Alto Networks cybersecurity company conducted between April and June with 3,000 companies.
Among the 250 executives from Brazilian companies interviewed, 33% allocate between US$1 million and US$5 million to information security. The same budget range is allocated by an average of 50% of companies in other countries. The exception is Germany, where the budget is at a different level: 37% of the surveyed companies earmark between US$5 million and US$10 million to protect their operations.
In addition to the unfavorable economic scenario in relation to the other countries surveyed, Brazil lacks maturity in perceiving security as part of the business and not as a matter for the technology area, says Daniel Bortolazo, Senior Systems Engineering Manager of Palo Alto Networks in Brazil.
“Many Brazilian companies see security as an expense and support, rather than as a strategic investment that can speed up data migration to the cloud and compliance with the General Law of Data Protection (LGPD),” Bortolazo says.
According to the expert, the rush to send teams to home office has led companies to neglect security somewhat. According to the study, 39% of Brazilian organizations said that the rapid implementation of remote work resources created more security risks and 33% admitted compromising the company’s security to enable home office.
The migration of data to cloud computing services, as an option to digitize the business and survive the pandemic, also contributed to Brazilian companies’ vulnerability in the period. “With users going home and apps in the cloud, protection is needed to address both of these fronts,” Bortolazo says.
Although many companies, particularly larger ones, managed to keep up with changes, more frequent cyberattacks on corporations, such as on retailer Lojas Renner in August and medical group Fleury in June, showed that cybercriminals were faster. “The attack market has also modernized with the adoption of ready-made, ransomware-as-a-service attacks, for instance,” the executive says.
Brazil is at the bottom of the survey regarding the use of zero tolerance methodology, or “zero trust,” in cybersecurity. Some 30% of respondents said they assume that every user is a suspect until proven otherwise, and monitor all the company’s data flow. In Japan, the method is practiced by 62% of companies and in Canada, by 39%.
As for the behavior of employees on remote work in relation to corporate cybersecurity rules, Brazil has the most cooperative teams. Only 18% of Brazilian organizations reported that employees are either ignoring or circumventing remote security. The highest rate is found in Japan, where 34% of companies said that home office employees do not comply with the rules.