Data protection: communication guides to preserve the crown jewels | Business communications magazine

A study by the Association of Information, Communication and Digital Technologies Companies (Brasscom) indicates that Brazil is expected to invest approximately 104.6 billion reais between 2025 and 2028 in the prevention of cyberattacks, which means a growth rate of 43.8%. Even as investments to prevent these attacks increase, the country remains one of the main targets for crimes of this type. The entire resource investment in technology could be lost if the gap is filled by employees.

Maria Dantas, human capital partner at Deloitte, reports that more than 90% of cyberattacks are the result of human errors. There is the inattention of employees, often overworked, but also the internal procedures adopted by the security field, which often include technical language that is difficult to assimilate. “This could be a root cause that leads us to the need for strategic partnerships within the company,” he says.

Corporate communication is precisely one of the main strategic partners for developing the culture of prevention. For the manager, the domain has the content needed to speak to employees, can make the technical framework more palatable, and reach all areas, from departmental employees to the line of business, auditing, and other strategic points.

The cybersecurity war continues. “A company can invest millions of dollars to create layers of protection with appropriate hardware and software, but they can be easily circumvented,” reflects André Gargaro, cyber partner at Deloitte. He points out that many companies are already working with the Internet of Things (IoT), which connects various devices to the network, with artificial intelligence (AI) and high levels of automation. This decentralization of vulnerable points requires maximum alert and a consolidated cybersecurity culture, he assesses.

In healthcare, for example, hospitals have been pioneers in requiring advanced protection of connected equipment, such as MRI or computerized ultrasound, to prevent incidents. Gargaro considers that the most mature sectors in terms of prevention are those with many critical operations, such as finance, energy and telecommunications.

According to him, it is better to take care of what he calls cyber awareness than to focus only on data protection training. Indeed, training can be more fragile when it presents solutions to the technological moment that the company is experiencing and which, in a few months, can change. “Two years ago, who was talking about AI in businesses? he asks. To serve the client more broadly, Deloitte has chosen to rely on the joint work of the cyber and human capital fields.

“Although, in theory, many companies recognize the impact on reputation as one of the main risks of cyber incidents, including those involving personal data, in general Brazilian organizations neglect this aspect in their efforts to prevent and prepare for potential crises,” explains Adriana Prado, Managing Director of FTI Consulting, leader in Brazil in the strategic communication segment and specialist in cyber crisis management.

For her, cybersecurity and data protection are topics that tend to be handled primarily by technical, legal and compliance areas, with little strategic communications involvement. She calls this process a lack of institutional articulation. “Today it is one of the main challenges for Brazilian companies. »

The executive recommends that communications professionals play a role that encourages dialogue between different sectors of the business on the organizational and reputational impact of cybersecurity crises. “During large-scale incidents, it is likely that most, if not all, areas of a business will be impacted in one way or another, requiring consistent communication with different stakeholders, balancing often conflicting priorities. »

A general culture of data protection across all environments of a business is also considered fundamental by Iskander Sanchez, Director of AI and Innovation at Gen Digital. The global company, which operates through brands including Norton, Avast and Lifelock, recorded 140,000 AI-generated phishing sites, an increase in AI-generated SMS scam campaigns and an 82% growth in data breach incidents between July and September. The organization also blocked approximately 37 million fingerprinting attempts per month.

For the enterprise, the findings reveal an increasingly personal threat landscape, in which criminals use AI to automate persuasion and capture high-value credentials across the Internet. Sanchez emphasizes that adopting AI and automation can bring operational improvements, but it also creates new areas of concern when not implemented with a security-first approach. AI-based tools can make certain attacks evolve faster or more convincingly, particularly those that rely on social engineering.

Isa Correia, director of marketing and communications at Seguros Sura Brasil, emphasizes that there is no security without attention, and that attention is a human factor. For her, technology supports protection, but is ineffective if it is not accompanied by appropriate behaviors. “At Sura, more than an ally, communication takes us off autopilot – precisely where cyberattacks thrive. If humans learn through stories, communication organizes those stories to transform information into learning and reinforce safe choices,” he says.