Brazil has joined the group of the three most attacked countries in the world. In 2025 the country recorded roughly 754 billion cyberattack attempts and concentrated 84% of all attempts in Latin America, while the average cost of a data breach reached R$7.19 million. This landscape brings together the most relevant figures of the 2025-2026 cycle, with their sources, and what they mean for your company. All data refers to Brazil.

We compiled the data from leading public reports (Fortinet, IBM/Ponemon, ESET, Redbelt and industry bodies) and organized it into a single read, with Decripte's analysis. It is updated periodically.

The landscape in numbers

The scale of attacks against Brazil grew sharply in 2025. The volume indicators:

Indicator (Brazil, 2025)NumberSource
Cyberattack attempts during the year~754 billionFortinet (FortiGuard Labs)
DDoS attempts743 billion (+119% YoY)FortiGuard Labs
Most attacked month (October 2025)198 billion attemptsFortiGuard Labs
Brazil's share of Latin America84% of attemptsIndustry reports 2025
Incidents recorded in the first half+100 thousandESET / WeLiveSecurity
Global growth in attacks+44% YoYCheck Point (via IBSEC)

Brazil ranks among the three most targeted countries on the planet — the result of a mature digital economy (Pix, open finance, e-commerce) combined with a growing attack surface and uneven defensive maturity across companies.

How much a breach costs

According to the Cost of a Data Breach 2025 report (IBM/Ponemon Institute, 600 global organizations, Mar 2024-Feb 2025), the average cost of a data breach in Brazil reached R$7.19 million — a 6.5% rise over the R$6.75 million of 2024. The cost varies sharply by sector:

SectorAverage breach cost (Brazil, 2025)
HealthcareR$11.43 million
FinanceR$8.92 million
ServicesR$8.51 million
Overall average (all sectors)R$7.19 million

The same report notes that threat intelligence reduced the average cost by R$655 thousand and AI governance by R$630 thousand — yet 87% of Brazilian organizations have no AI governance policy and 61% have no AI access controls. The gap between those who invest in detection and those who do not is what separates a contained incident from a multimillion-real crisis.

Ransomware

Ransomware remained the threat with the greatest financial impact. In 2025 Brazil recorded roughly 35 thousand ransomware incidents, and at least 87 Brazilian organizations confirmed a compromise through October — already surpassing the 2024 total (ESET/WeLiveSecurity; Redbelt). Isolated cases reached R$400 million in direct and indirect losses. The trend is toward double extortion (encryption + leak) and attacks via the supply chain and suppliers.

Data and credential leaks

Brazil holds 7th place in the global data-leak ranking and recorded a 24x increase in account breaches in 2024 over the previous year. Leaked corporate credentials (via infostealers and credential-stuffing databases) are today one of the main intrusion vectors — frequently the entry point that precedes ransomware and fraud. Monitoring the exposure of domains, emails and credentials on the dark web is no longer optional.

Phishing and Pix fraud

Phishing remains the dominant social engineering vector in Brazil:

  • 309 million phishing attempts blocked in Brazil — equivalent to 588 attacks per minute, 24/7.
  • 28 million frauds involving Pix, with losses of R$2.7 billion — most of them through social engineering.
  • Coordinated operations diverted as much as R$2.1 billion from payment intermediaries in a single quarter.

What these numbers mean for your company

Three practical readings of the landscape:

  1. It is not a question of "if," but of "when." With 588 phishing attacks per minute and hundreds of billions of attempts a year, every connected company is a target — regardless of size or sector.
  2. Detection pays for itself. Those who operate threat intelligence and continuous monitoring reduce the cost of an incident by hundreds of thousands of reais. The difference between R$7 million and a contained scare lies in visibility.
  3. The weakest link is the exposure you can't see. Leaked credentials and forgotten assets are the entry point. Mapping the external attack surface is the first step.

That is exactly why Decripte offers free Threat Management: in about 60 seconds, the scan looks up your company's CNPJ (Brazilian corporate tax ID), domains and corporate emails in leaked-credential databases, on the dark web and in threat intelligence sources — showing what is already exposed before it becomes an incident.

Methodology and sources

The figures in this landscape are compiled from leading public reports and updated periodically by the Decripte team. All data refers to Brazil. Main sources of the 2025-2026 cycle:

  • IBM Security / Ponemon Institute — Cost of a Data Breach 2025 (Brazil cut).
  • Fortinet / FortiGuard Labs — telemetry of attack attempts in Brazil in 2025.
  • ESET / WeLiveSecurity — review of incidents and ransomware in Brazil in 2025.
  • Redbelt Security — analysis of attacks in Brazil in 2025.
  • Check Point Research — global attack trend.

Values may vary between methodologies; when sources diverge, we prioritize the most recent report with the largest sample. To cite this landscape, reference "Cyber Incident Landscape in Brazil — Decripte."