Spatiotemporal Patterns, Typology and Survival Analysis of Cyber Incidents in Brazil

DOI: https://doi.org/10.5753/sbseg.2025.10701

Abstract


Cyber incidents, such as data breaches, ransomware attacks and vulnerability exploitations, are consistently impacting Brazil. This study analyzes 1249 cyber incident reported to the Brazilian National Data Protection Authority from 2021 to 2025. We identify São Paulo and the Federal District as the most targeted states, with ransomware being the most prevalent attack type. The Kaplan-Meier survival analysis reveals rapid incident recurrence in major regions and of certain types of incidents, such as ransomware, vulnerable systems and credential theft. This study provides a foundational overview of Brazil’s cybersecurity scenario. The findings emphasize the importance of enhancing incident reporting and of improving proactive defenses.

References

Almahmoud, Z., Yoo, P. D., Alhussein, O., Farhat, I., and Damiani, E. (2023). A holistic and proactive approach to forecasting cyber threats. Scientific Reports, 13(1):8049.

Bhardwaj, G., Gupta, R., Srivastava, A. P., and Singh, S. V. (2021). Cyber threat landscape of G4 nations: Analysis of threat incidents & response strategies. In 2021 2nd International Conference on Intelligent Engineering and Management (ICIEM), pages 75–79. IEEE.

Bradley, T., Alhajjar, E., and Bastian, N. D. (2023). Novelty detection in network traffic: Using survival analysis for feature identification. In 2023 IEEE International Conference on Assured Autonomy (ICAA), pages 11–18. IEEE.

Ferreira, L. V. (2022). Cybersecurity and ransomware in the brazilian government. Revista InterAção, 13(1):58–65.

Hurel, L. M. and Lobato, L. C. (2021). Cyber security governance in brazil: Keeping silos or building bridges? In Routledge companion to global cyber-security strategy, pages 504–518. Routledge.

Perera, S., Jin, X., Maurushat, A., and Opoku, D.-G. J. (2022). Factors affecting reputational damage to organisations due to cyberattacks. In Informatics, volume 9, page 28. Multidisciplinary Digital Publishing Institute.

Pimenta Rodrigues, G. A., Marques Serrano, A. L., Lopes Espiñeira Lemos, A. N., Canedo, E. D., Mendonça, F. L. L. d., de Oliveira Albuquerque, R., Sandoval Orozco, A. L., and García Villalba, L. J. (2024). Understanding data breach from a global perspective: Incident visualization and data protection law review. Data, 9(2):27.

Ponce, L. M., Gimpel, M., Ribeiro, I., Oliveira, E., Cunha, Í., Hoepers, C., Steding-Jessen, K., Chaves, M. H., Guedes, D., and Meira Jr, W. (2023). Um arcabouço para processamento escalável de vulnerabilidades e caracterização de riscos à conformidade da LGPD. In Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg), pages 15–28. SBC.

Rodrigues, G. A. P., Fernandes, P. A. G., Serrano, A. L. M., Rocha Filho, G. P., Vergara, G. F., Bispo, G. D., de Oliveira Albuquerque, R., and Gonçalves, V. P. (2025). From RockYou to RockYou2024: Analyzing password patterns across generations, their use in industrial systems and vulnerability to password guessing attacks. Journal of Internet Services and Applications, 16(1):69–86.

Rodrigues, G. A. P., Serrano, A. L. M., Vergara, G. F., Albuquerque, R. d. O., and Nze, G. D. A. (2024). Impact, compliance, and countermeasures in relation to data breaches in publicly traded US companies. Future Internet, 16(6):201.

Shandler, R. and Gomez, M. A. (2023). The hidden threat of cyber-attacks–undermining public confidence in government. Journal of Information Technology & Politics, 20(4):359–374.
Published
2025-09-01
How to Cite

Select a Format
RODRIGUES, Gabriel Arquelau Pimenta et al. Spatiotemporal Patterns, Typology and Survival Analysis of Cyber Incidents in Brazil. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25. , 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025 . p. 1122-1129. DOI: https://doi.org/10.5753/sbseg.2025.10701.

Most read articles by the same author(s)