Society, today, is heavily dependent on communication network systems that, if they prove to be unavailable, can put essential sectors of the country on hold and drastically affect the operation of companies. Faced with this reality, it is essential that organizations prioritize the structuring and maturation of processes and actions in information security. 

Aiming to map the maturity of the RNP System in terms of information security and privacy, RNP's Information Security and Privacy Report shows the main gaps and challenges facing educational and research institutions in this area in 2021.   

To carry out this survey, RNP invited the institutions of the RNP System to share their experiences in security and privacy through a questionnaire. The report converges with the growth of the cybersecurity agenda.  

According to the report, in the RNP System, 70% of the institutions do not have a formalized annual cybersecurity plan. This shows that a large part of the system still does not have actions aimed at mapping cyber risks, building mitigation strategies, monitoring security, and acting in response and recovery. In addition, the lack of annual planning also disables the prioritization of information security in all business processes.  

The report also showed that 79% of the institutions still do not have an internal budget for information security actions and that 43% of the institutions do not have an Information Security manager formally appointed by senior management.   

The survey also included a maturity session on data privacy processes. With the General Data Protection Law (LGPD), organizations of the most diverse natures and sectors are racing against time to adapt to the new law.  

In the RNP System, organizations are at different stages of maturity in the adaptation process. According to the report, the LGPD is on the radar of most of them, since 84% indicated that they had started the adaptation process. Many (42%), however, are still in the first phase of the process, that of preparation. These, among others, are some of the data present in the report.  

The document contains several other relevant numbers on privacy and information security on the entire RNP System. Of the 256 invited institutions that received it, 59.4% (152) of them accessed the questionnaire and 23.4% (60) answered the survey in full.  

Access the report and see the complete data