survey was launched on May 14th , which presents very important data on accessibility and the role of the internet within national companies. He collected data from 4,057 companies with more than 10 employees in Brazil and was supported by the Ministry of Economy, the Brazilian Institute of Geography and Statistics (IBGE), the Institute of Applied Economic Research (Ipea) and a group of specialists from various sectors. Due to the importance of information, this research is critical to understanding the growth of the online presence of organizations and their concern for digital security .
The information collection took place from March to December 2023, with the objective of measuring the use and possession of information technology and the telecommunication processes of the companies. Thus, it was possible to obtain a comprehensive overview of how organizations use the internet and how this process has evolved in recent years .
Based on the use of the internet, it was possible to consolidate information on cyber security and digital communication. We have prepared this material with everything you need to know about recent research ICT Enterprises 2023.
ICT research is based on methodological patterns and internationally defined indicators in manuals of institutions , such as the International Telecommunications Union (UIT). It is also aligned with the Methodological Referentials proposed in the United Nations Conference Manual on Trade and Development (UNCTAD), prepared in partnership with the Organization for Economic Cooperation and Development (OECD) and the European Commission Statistics Institute (Eurostat) through the Multissectoral Initiative Partnership on Measuring ICTe for Development.
Digital security practices covered in the ICT Enterprise research 2023
Developed to understand the technological processes and digital behavior of Brazilian companies, the TIC Empresa 2023 research has also brought fundamental digital safety practices to ensure a more strengthened cyber security strategy. Among the main practices addressed, we can mention:
Digital security risk in the employment contract
Considering the immense growth of cyber attacks today, it is essential to establish the risk of digital security in the employment contract. Digital security is a priority in the context of modern companies , mainly due to the increase of remote work and dependence on systems and digital resources.
In this sense, it is essential that digital safety risks are addressed in the employment contract , so that the company's employees have a broader view of how processes should be performed and what strategies should be implemented.
Regarding the size of companies, there is a major discrepancy among the people interviewed on the subject. Larger companies end up mentioning the risks of digital safety in job contracts more often than smaller companies (31%) , reaching the mark of 64% of respondents.
Digital security on meeting guidelines
This topic debates the inclusion of digital security in the meeting guidelines, highlighting the relevance of these strategies in the company before their activities. In this sense, the survey also revealed that larger companies end up addressing the theme more often, reaching the mark of 75% of respondents.
While in small businesses, this index is much lower, 39%. Data such as this demonstrates that smaller companies have a lower concern in the approach of cyber safety related agendas.
Incentive to mitigate digital safety risks
In order to keep your networks and devices safer, the company must implement efficient strategies. For this reason, the incentive offered by companies to mitigate the risk of digital safety is critical to increasing cyber protection.
These incentives can be done through bonus policy, formal recognition for adhesion, awards, among other resources . Through this strategy, managers will be able to offer awards to employees who act for cyber security, such as the creation of safe passwords, using digital resources properly, warning the IT team about possible security failures, among other measures.
Digital Security Risk Management Training
Making your employees understand the importance of implementing more efficient practices to avoid problems related to digital security is one of the most important aspects of your protection strategy. Risk management training is indispensable for employees to adopt a preventive posture and build a digital culture aimed at protecting information .
Digital security culture is an approach that must be implemented in the daily life of all companies . This means that the rules established by the company and the proper use of digital resources that are part of the business should be part of the routine of all employees.
Through this approach, it is possible to make employees aware of the main cyber threats, their consequences and the damage that can cause the company's structure and image. Thus, employees will be better prepared to identify possible risks and know what are the best strategies to circumvent these challenges .
Which companies have most adopted digital security practices in Brazil?
Among the many variables that were evaluated by the research, it was also analyzed which profile of companies that are most advanced in relation to digital security practices, taking into account the size, location and sector of this company.
Regarding the size, it was evidenced how larger companies have a greater concern with digital security. This difference is more explicitly perceived about the discussion of digital safety risks at organizations meetings, and companies with more than 250 employees had a 75% response rate on the subject, while companies with 10 to 49 employees, only 39%.
In the case of the company's location, there are some variables, but nothing that has a great distinction. An example of this is regarding the implementation of training on digital safety risk management to employees. While in the Southeast region 26%of the companies adopted this practice, in the Northeast this rate is 35%, in the Midwest 34%, North 38%and south of 31%.
Regarding the market markets, the information and communication sector leads the list, with the implementation of safety training training at 63%. The sector also leads in other categories, such as the discussion of the security agenda in meetings (80%), mention of safety requirements in employment contract (66%) and implementation of incentives (43%).
The accommodation and food sector, on the other hand, presented the worst results in the research, highlighting the cyber vulnerability of companies operating in this market.
Large companies have greater concern about digital safety practices
One of the most relevant aspects of ICT Enterprises 2023 research is related to the size of companies that show greater or lesser concern with digital security practices. The research showed that the greater the size of the company, the greater its concern for cyber security.
Following this same line of results, larger companies also responded positively on discussing digital safety risks at organization meetings, as well as better rates regarding training and training on digital safety risk management.
A big difference in performance incentives was not noticed for employees to reduce the risk of digital safety, making it clear that this is not a major priority for organizations.
Information and Communication: The market with more digital security practices
The research ICT Enterprises 2023 took into account several markets, such as:
- Transformation industry;
- Construction;
- Trade, repair of motor vehicles and motorcycles;
- Transportation, storage and mail;
- Accommodation and food;
- Information and communication;
- Real estate activities, professional, scientific and techniques, administrative activities and complementary services;
- Arts, culture, sport and recreation, other service activities.
Because of the need for protection these sectors present, the area of information and communication was the market that presented the highest digital safety practice rate, presenting the highest results taking into account the four points of the research, which are:
- Mention of digital safety risks in employment contracts
- Discussion on digital safety risks at meetings of the company's units
- Offer performance incentives to employees who reduce the risk of digital security
- Promote training on digital safety risk management, such as online courses, workshops, seminars, conferences or training offered through internal meeting
Regarding the Digital Security Risk Discussion Index at the organization's meetings, 80% of respondents in this sector responded positively to this approach, mentioning the theme frequently in meetings held.
In addition, the information and communication sector also presented greater implementation of cyber security training and training, with 63% of the companies interviewed.
Following this trend, 66% of information and communication companies report to mention the risks of digital security in the employment contract. These numbers demonstrate how information and communication sectors are advanced as to the implementation of security measures and protection protocols that should be part of the organizations' routine.
The sectors that most concerned with the digital security of their organizations were the information and communication sector, followed by the real estate activities sectors, professional, scientific and techniques, administrative activities and complementary services.
Regarding companies with the lowest concern with cyber security, the accommodation and food sector is the worst results in the four research axes, with 20% positive response regarding the implementation of training and training on digital security.
Implementation of digital security policy in Brazil
The Digital Security Policy or Information Security Policy is a document designed to define rules, practices and responsibilities aimed at protecting a company's system information . Within a company, this policy should include strategies on how employees need to deal with confidential information, allowed access levels, use of mobile devices to perform tasks and measures to be implemented for security violation.
This means that the digital security policy is designed to protect the organization's information , allowing the company to be in accordance with current standards and to remain competitive by protecting its image in the market. An example of security policy is the “Internet Access Control Policy ”, which can transform your company's security strategy.
Considering research data ICT Enterprises 2023, the implementation of a digital security policy in Brazil is urgent. Research data shows that many companies still do not understand cyber security as a priority, and should adapt to market needs and establish methodologies and guidelines that help protect your information.
The growth of cyber attacks demonstrates that the more prepared the company is on how tasks should be performed by placing data protection as a priority, the more protected will be their information. According to data from Check Point Research , in the second quarter of 2023 about one in 44 companies worldwide suffered a ransomware attack per week.
Scope of digital security policy
As we have seen earlier, the digital security policy is a set of actions indispensable within today's companies . The factors covered by this policy should consider what are the functions and responsibilities of risk management regarding digital safety, inclusion of processes for cooperation and training of employees.
In addition, this policy should also include:
- Processes to enable cooperation in exchange for information within the organization: The security policy establishes processes and procedures to facilitate the cooperation and exchange of information between different departments and stakeholders within the company.
- Audit Review and Improvement Cycle: This policy defines processes to conduct regular audits, revisions and analysis of vulnerabilities, ensuring that security measures are up to date and effective.
- Risk Assessment: It is also part of the security policy to establish guidelines for the assessment of digital safety risks, such as identification and analysis of potential threats, vulnerabilities and associated impacts.
- Processes to decide how at risk should be assumed, reduced, transferred and avoided: Based on the risk assessment performed, the security policy allows managers to establish processes to decide the acceptable level of risk for the organization.
- Selection of digital security measures: Policy allows the establishment of criteria for the selection and implementation of digital security measures appropriate to the organization's specific needs and risks.
- Business continuity and resilience: definition of plans and procedures to ensure business continuity and operational resilience in case of safety incidents.
- Digital Safety Risk Transfer: The security policy sets rules and guidelines for the transfer of digital safety risk through insurance or other forms of risk mitigation.
- Awareness and training: inclusion of awareness and training programs to make employees aware of secure digital security practices
Although there is no significant difference in the factors that were studied during the research, it is important to elucidate the importance of adherence to national security policy . All of these processes contribute to jointly to adapt more intelligently and efficiently with the safety measures.
Pinciber was recently published, the national cybersecurity policy . Its goal is to bring guidance and basis to activities related to cyber security in the country, representing a large step in today's cyber security strategy.
90% of large companies have digital security policy
A very significant discovery of the survey is that 90% of large Brazilian companies already have a digital security policy implemented . However, this data is worrying about smaller companies.
In contrast, smaller companies have demonstrated a poor adherence to digital security policies. This lack of adherence can be a direct reflection of the lack of resources, knowledge or idea that they are not susceptible to cyber attacks because of their size or visibility. However, it is essential that even small and medium -sized companies adopt a digital security policy to increase information protection and ensure business continuity.
Acting market with greater adherence to digital security policy
Regarding the sector there are some oscillations that should be evidenced. Both the information and communication sector and real estate activities, scientific and technical activities presented more positive results regarding the implementation and adherence of a digital security policy, when compared to sectors with the worst results, such as the accommodation and food sector and the construction sector.
This difference is mainly due to the sensitive nature of the data that is manipulated and stored by these companies . While the information and communication sector has a rate of 86% of companies with a digital security policy, the real estate activities sector, professional, scientific and technical activities has 72% of companies with an implemented policy.
Already the accommodation and food sector presented a result of 39%, and the 46% construction sector that, although also dealing with sensitive data, do not have a direct impact on the discussion of the information. These numbers show that the type of information collected has a direct impact on the implementation of a digital security policy.
Just as it was elucidated in other aspects of the research, the accommodation and food sector presented the lowest adhesion rate to the digital security policy, 39%. The other sectors presented higher results, according to the values below:
- Transportation, storage and mail, 53%
- Arts, culture, sport and recreation, other service activities, 52%
- Transformation industry, 52%
- Commerce, repair of motor vehicles and motorcycles, 50%
- Construction, 46%
Adherence of new technologies by Brazilian companies
In conclusion, the ICT Enterprises-2023 survey also brought relevant data on the adherence of new technologies by companies. Although technological advancement has been considerable in recent years, many companies still have low adherence to certain resources , such as the Internet of Things and Artificial Intelligence.
Although there is growth from 21% to 29% of new technologies use between 2021 and 2023 by medium companies , it is necessary to evaluate this data more deeply . This is because this growth has happened mostly due to increased use of safety devices, such as smoke detectors, alarms and cameras.
Use of AI and IoT is little widespread in Brazilian companies
The use of artificial intelligence is led by the information and communication sector, with a 40%result. In contrast, the accommodation and food sector presented the lowest result, representing only 6% of the companies interviewed.
Regarding the implementation of automation tools through the Internet of Things, the results are similar. Leading the survey is the information and communication sector (37%), as well as larger companies (36%). The construction sector was what presented the lowest results, with 9% of the companies questioned.
The research also took into account the form of applying artificial intelligence, which questioned the following points:
- Marketing or sales;
- Production processes;
- Organization of business management processes;
- Business Management;
- Logistics;
- Digital security;
- Human resources management or recruitment.
Automation focused on digital security is led by the arts, culture, sport and recreation sector, other service activities , which presented the result of 70%, while the trade sector, repair of motor and motorcycles and the real estate activities sector, professional, scientific and techniques, administrative activities and complementary services, presented a 39%result.
The research has also taken into account companies that used smart devices or internet of things, according to the type, highlighting the use for safety of facilities such as alarm systems, smoke detectors, ports and smart security cameras . In this category, companies of all sizes presented similar results, ranging from 84% to 85%.
According to the sector, the category is led by real estate activities, professional, scientific and technical activities, administrative activities and complementary services and transportation, storage and mail, with a result of 88%. The other sectors also presented good results, such as the Information and Communication Sector (80%) and Transformation Industry (85%).
The use of emerging technologies such as artificial intelligence and intelligent automation sensors are still quite restricted, being used more often by larger companies. The advancement of technology was very present among larger companies, mainly because of the use of artificial intelligence solutions in performing everyday tasks.
Automation has been widely used in simpler tasks, such as chatbots for customer service. The tendency is that, over the years, there is an expansion of the process of automation of work tasks and flows, allowing even more complex services to perform.
It is expected that the growth of commercial supply and the deeper development of these technologies will allow companies of all sports to implement such resources in their routine.
Increased cloud use for data storage
According to the data collected by the research and the information provided by the companies themselves, the lack of use of these resources is mainly due to the lack of specialized teams to deal with this technology, acquisition cost and even ignorance of these features.
Regarding cloud processing technology, currently according to the survey one in three companies already uses this feature. While in 2019 about 23% of companies used cloud processing, by 2023 this number reached 33%. The practicality and availability that this technology offers, made this feature one of the most used by organizations.
The survey has found that in recent years, a shy increase in the percentage of companies that recognize the importance of investing in security software services has been observed . Faced with the growing threat of cyber attacks and the constant evolution of technologies, companies are increasingly aware of the need to protect their data.
Given the large increase in the use of technologies for process optimization and improvement of results, it is necessary to adopt advanced tools to protect business networks against external and internal threats. These tools allow companies to control internet access, block unwanted content, protect their confidential data and monitor the use of the network in real time.
Whether it is focused on a small company concerned with employee internet access control or a large corporation seeking protection against more sophisticated and harmful cyber attacks, this type of tool can be valuable allied in the organization's cyber protection strategy.
Conclusion
Research ICT Enterprises 2023 brought valuable insights on the use of information technology in Brazilian companies and highlighted the importance of robust digital security practices. It is evident that large companies are more advanced in the implementation of security policies, but there is an urgent need for awareness and adoption of these practices in small businesses as well.
Implementing a digital security culture, promoting continuous training and investing in protective technologies are fundamental steps to ensure data security and business continuity. Regardless of size or sector, all companies must be aware of cyber threats and adopt preventive measures to mitigate risk and protect their operations .
