Skip to main content

With the increase in cyber incidents, companies focus on adapting and protecting their ecosystem.

São Paulo/SP 11/4/2021 – Resolutions, regulations and frameworks with a common objective – to increase the ecosystem’s resilience to cyber attacks.

With the increase in cyber incidents, companies focus on adapting and protecting their ecosystem.

The rise in the number of cyber incidents has made companies seek compliance with security standards in order to strengthen the resilience to cyber attacks of all ecosystems in which they are inserted.

The concern of companies with cyber risks has grown in recent years, and it was accentuated during the pandemic, as projects of digital transformation and adaptation tonew normal” had their design and implementation times shortened and accelerated.

The pandemic scenario, along with the digital acceleration of companies, has caused an increase in the number of cyber incidents, according to data. from the IBM X-Force Threat_Intelligence_2021 report.

In view of this scenario and with the concern of companies with the cybernetic “shielding” of their ecosystems, there was a mobilization on the part of local authorities, regulatory agencies and associations of companies, in the sense of promoting and encouraging good practices for the implementation of cybernetic controls by the of the companies that are part of the ecosystem, thus promoting the elevation of maturity and increasing the resilience to cyber attacks of those involved.

Resolutions, regulations and frameworks with a common goal – to increase the ecosystem’s resilience to cyberattacks

At the forefront of this process, the Central Bank of Brazil, in 2018, through of Resolution No. 4,658, established controls for structuring cyber policy by the institutions authorized by this agency, as well as establishing processes for evaluating their suppliers at the time of contracting, in order to certify that the companies that make up the financial ecosystem have cyber controls. In this year 2021, a new Resolution (no. 4893) was published, with minimal and complementary changes to the provisions of Resolution No. 4658.

Another highly regulated sector of the economy, the electricity sector, has also sought consensus for the definition of a regulation of cyber controls for mission-critical infrastructure with the aim of mitigating the risk of cybersecurity incidents in the electricity sector. Although there is no consensus, the defined alternative is to create regulatory frameworks (regulatory enforcement) to establish that sector agents establish a cybersecurity policy.

“Regardless of the sector or ecosystem in which the company is inserted, the objective of these resolutions, regulations or frameworks is to increase the resilience to cyber attacks of the actors involved, since, in addition to the exchange of information and/or systemic interconnections between companies, there is an interdependence of processes and activities, for example, if we think about the industrial sector”, explains Eduardo Camolez, partner at Safeway, a consultancy specializing in Safety, Risk and Compliance.

In this sense, the automotive industry has also been concerned with the issue of cyber risks and with adapting the companies involved in its ecosystem. Recently, IATF 16949, while focusing on quality, published a update for cyber controls coverage, since the sector has great integration between companies and, in the event of a cyber incident, the entire ecosystem could be impacted.

Concerns about cyber risks are expected to remain high

Companies seek to adapt their environments, following the guidelines for the implementation of cyber controls, according to resolutions, regulations and frameworks, however, it is increasingly common to search for cyber insurance, in order to cover, at the same time, risks property and civil liability in the event of a cyber incident. In 2021 alone, there was an increase of more than 130%.

It is important to emphasize that insurance must be a complementary control in the company's cyber strategy and that the level of its cybernetic maturity will directly impact its hiring, therefore, it is essential to have an adaptation plan that will enable the company to remain able to develop businesses in your ecosystem.

For Eduardo Camolez, the concern with companies' resilience to cyber-attacks will only increase. “It is notable the increase in demand for business continuity projects, or revision of these in recent months. It is worth mentioning that the continuity process encompasses other types of risks, not just cyber risks”, he says.

— Eduardo Camolez is Partner, Lead of GRC at [SAFEWAY] 

About Safeway:

THE SAFEWAY is a company of Information security, recognized by its customers for offering high added value solutions, through Information Security projects that fully meet the needs of the business. In these years of experience, we have proudly accumulated several successful projects that have given us credibility and prominence among our clients, which largely constitute the 100 largest companies in Brazil.

Today through more than 23 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!