Cybersecurity teams in Brazil are still small, research shows

The digital acceleration promoted by the pandemic has increased the perception of the importance of cybersecurity in companies. Despite this, Brazil has not yet reached a high degree of maturity in the matter. This is what the 3rd Cybersecurity Survey by Tempest, a leader in the sector in the country, shows.

In relation to developed countries, Brazil is still behind in terms of speed of migration to new technologies, budget and maturity of management and governance of the theme.

In the last year, major retailers in the country, such as Renner, Americanas and Fast Shop, and public agencies, such as the Ministry of Health, were victims of digital offensives.

According to a survey by Tempest, carried out in partnership with Datafolha, 82% of companies have up to five employees dedicated to cybersecurity. Among large companies, with more than 500 employees, 60% have a team of this size, 36% with three to five people and 24% with up to two.

The ideal number of employees dedicated to the subject will depend on the size and performance of the companies. For example, financial institutions, legal companies and public bodies should have more teams in relation to organizations that do not deal with sensitive information and data.

“In general, it is still an insufficient number. The market is not meeting the size of the need, but it is much better than it was a while ago”, says Lincoln Mattos, CEO of Tempest. Today, budget is the main barrier to investing in cybersecurity for 65% of companies, followed by technological challenges (56%) and cultural issues (52%).

The survey also pays attention to the role of CISOs, the chief information security officers. Today, only 30% of companies have the position.

For Mattos, the growth in the presence of CISOs in companies in the last five years is a sign of greater maturity in the market. However, it is important that CISOs are dedicated solely to cybersecurity.

“If the CISO is taking on roles in another area, such as infrastructure, he is probably not a CISO. When the company has a person dedicated to the subject, it means that it has passed the level”, he says.

As it is still a new position in most organizations, the topics addressed by these executives in internal conversations are still very introductory when compared to more advanced sectors in the subject, such as financial institutions, he assesses.

“Especially during the pandemic, the topic gained relevance in terms of recognition by organizations. The speed of growth was very fast. I think that in the financial sector, in particular, we are beginning to have a maturity closer to developed countries”, explains.

While the average annual budget for cybersecurity in the financial sector is BRL 1.8 million, in other sectors it is less than half, BRL 747 thousand.

But banks and the like are stronger on the subject not only because they have a bigger budget, but because of the incidence of hacker attacks. In the sector, 50% of companies have been victims of attacks in the last 12 months, with ransomware and malware prevalent.

The sample of the 3rd Tempest Cybersecurity Survey is 172 companies, interviewed by Datafolha between January and April 2022. Managers, leaders and responsible technicians who either participate in cybersecurity management or in the information security of small businesses were consulted (between 50 to 99 employees), medium (between 100 and 499) and large (more than 500).

The margin of error is 7.5 percentage points for the total sample, considering a confidence interval of 95%.