McAfee Report – How Much Information Risk – Brazil

February 27, 2009

Last month I wrote about content from this report about China. Today I would like to do the same for Brazil.

For review, McAfee sponsored an international team who surveyed more than 1,000 senior IT decision makers in the US, UK, Japan, China, India, Brazil and the Middle East regarding how they currently protect their companies digital data assets and intellectual property, and performed what appears to be relatively broad research on a range of survey-related topics.

The results of their work was released a few weeks ago under the title “Unsecured Economies.”

They start with an assumption that “a distributed network of unsecured economies has emerged with the globalization of many organizations, leaving informational assets even more at risk to theft and misuse.”

The report describes their findings about cybercrime risks for key global players, along with their conclusions about need for organizations to take a more holistic approach to vulnerability management and risk mitigation in this rapidly-evolving global business climate.

I also read and think about how to characterize information and technology infrastructure and operations risks associated with doing financial services business in Brazil.  With that in mind, I just scanned the 36-page McAfee report for its findings concerning Brazil, and found the following interesting statements:

  1. Respondents reported that there has been an increase in outsourcing activities Brazil [page 5].
  2. Nineteen percent of respondents are storing and/or processing intellectual property in in South or Central America. [page 5]
  3. Respondents estimated that intellectual property worth approximately $1.4 million per firm is stored, accessed and managed overseas at firms in Brazil [page 4]
  4. 27% of Brazilian respondents reported spending 20% or more of the IT budgets on security [page 6].
  5. A number of factors are influencing the trend for companies to store vital information offshore.  Twenty six percent of respondents cited cost reduction. The ability to safely store vital information is a key factor according to respondents in Brazil. [page 6]
  6. Even as the threats increase, 31 percent of Brazilian respondents reported that they will decrease spending on protecting their vital information as a result of the ongoing financial situation. [page 7]
  7. Fifty nine percent of respondents said that they were worried about the security threat from financially strapped employees. . [page 9]
  8. “The current economic situation has potential for laid-off employees to start up companies using the stolen information,” said Rento Opice Blum, a Brazilian lawyer and professor. [pages 9-10]
  9. Approximately 30% of respondents ranked the threat level in Brazil as high. [page 12]
  10. The report explained that Brazil is a large developing nation, people rich and eager to develop the economy. They conclude that there “is concern” that individuals and institutions in Brazil too often choose the cheapest way [not necessarily the ethical way], by investing in industrial espionage. [page 14]
  11. Approximately 15% of respondents said that they would not do business in Brazil. [page 14]
  12. Many regional respondents communicated concern about the enforcement of laws and policies. Brazil was rated by respondents as the most ill-prepared to defend against threats by respondents [they also included Pakistan in that category]. [page 17]
  13. According to Renato Opice Blum, a Brazilian lawyer and professor, “The main problem is that Brazil’s enforcement and judicial systems are too immature to deal with information threats. Brazilian laws do not specifically target information crimes and, hence, companies have to rely on laws designed to address traditional crimes of a more physical rather than virtual nature. This means that the burden of the proof is much higher. [page 17]
  14. Respondents identified industrial espionage as the fourth most serious threat to information. Brazil was highlighted as having a culture that does not embrace the expectation that companies making research and development investments should reap the resulting rewards of their effort. [page 21]

I understand that this is only one source, and may say as much or more about the author’s biases than it does about the “real” risks of doing business in Brazil.  But they, and McAfee must have some strong data, or strong feelings to generate this risk report…  What do you think?

I will check some other sources and report back on what I find. I will also summarize what the McAfee report has to say about India in a future post.

If you have additional resources, data, or experience, please let me know.

— References —

McAffee Report “Unsecured Economies“: http://resources.mcafee.com/content/NAUnsecuredEconomiesReport


%d bloggers like this: