The vast majority of Brazilian companies plan to boost their cybersecurity budgets in 2022; a new study carried out by consulting firm PwC has found.
According to the Global Digital Trust Insights Survey 2022, the increase in cyberattacks in Brazil is among the key concerns of business decision-makers in Brazil, with each threat requiring a different response, new tools and training so teams can be prepared for future incidents.
This scenario has prompted 83% of Brazilian organizations to plan for an increase in spending on cybersecurity in the coming year, the research has found. This compares with the predicted rise in budgets cited by 69% of those polled.
"In Brazil, both CEOs and other top executives believe the cybersecurity mission is changing and playing an important role in building trust and expanding their businesses. They now see the importance of the data they have", said Eduardo Batista, a partner at PwC Brazil.
The study suggests that 45% of Brazilian companies estimate an increase of 10% or more in investments in data security, compared to 26% worldwide. Only 14% of Brazilian leaders expressed the same levels of concern in relation to cybersecurity in 2020, against 8% worldwide. In 2021, 50% of the companies polled by PwC claimed to have allocated up to 10% of their technology budget to security-related actions.
Despite the predicted rise in investments around cybersecurity, the study points to a lack of a more sophisticated understanding around third-party and supply chain risks. However, Brazil has better numbers than their global counterparts in that front. According to the research, around 24% of firms globally have little or no understanding of that type of risk, while around 18% of Brazilian companies have that level of perception, both in terms of understanding the risks and carrying out related actions.
Moreover, the study points to an "expectation gap" among leaders regarding top executive involvement in cyber issues. While Brazilian CEOs say they are likely to get involved after a company breach or when contacted by regulators, other executives on their team say this is seldom the case.
According to PwC's Batista, the top management of businesses must "ensure that risks are monitored and that the security model is simple, but efficient to prevent these risks from bringing real impacts to the company, such as the shutdown of the operation, loss of profit and damage to the corporate image."
Only a third of organizations worldwide have advanced data trust practices. According to the study, Brazilian businesses fare better for all practices, such as the adoption of processes and technologies for encryption resources. For example, 53% of the Brazilian companies polled has audited the security of third parties or suppliers, while less than half of the global companies surveyed have done so.
For 77% of Brazilian leaders polled, organizations have become too complex to protect (compared to 75% worldwide). Board members, IT and security leaders are concerned that this difficulty exposes their organizations to cyber and privacy risks.
The findings of the PwC study suggest a potential shift in spending attitudes towards cybersecurity in Brazil. A separate study published in February 2021 has found that most Brazilian firms failed to increase security spending through COVID-19. According to the survey carried out by consulting firm Marsh on behalf of Microsoft, 84% of organizations failed to boost their security spend since March 2020, even though 30% of those polled saw an increase in malicious attacks.