Brazil’s Pátria debuted Security Ecosystem Knowledge (SEK) a year ago with the aim of filling what it saw as gaps in the fragmented market of network security and systems security for large companies.
Created from the merger of two other companies in Pátria’s portfolio, Proteus and Neosecure, SEK has grown 25% since then, compared with average growth of around 15% in the security market, according to CEO Maurício Prado.
Pátria has committed to invest US$250mn in cybersecurity in Latin America.
With headquarters in Brazil and operations in Chile, Argentina, Colombia and Peru, in addition to R&D centers in the US and Portugal, the company lists some 700 active clients, is working on new technologies and is also looking for more acquisitions.
In this interview, Prado and the company’s portfolio and strategy director, Fernando Galdino, share their views on the market and the future of the firm.
BNamericas: Security is often the first or second investment focus for companies when it comes to technology. How has SEK taken advantage of this in its first year of operations and what is to come?
Prado: I would say that 2023 was the first year but also our 20th year [considering Proteus’ and Neosecure’s operations]. We did a lot of integration, standardization, building new things. And yet we had a very significant result. We grew 25%, while the cybersecurity market grew around 15%, and with that we gained market share.
Our 2023 agenda was very internal in general. Despite this, we made our first acquisition [Brazilian startup CleanCloud], we standardized the offerings, the sales management model and our services.
This year will be a year of acceleration – taking everything we’ve built and enhancing the company’s growth. We have very ambitious plans.
BNamericas: How were operations in the company’s other markets in Latin America?
Prado: We grew in practically all of them. Some a little more, others a little less. Even Argentina, which is going through a complex time, managed to have healthy growth, well above what I expected.
In Brazil, we already had some operations, but we had significant organic growth. The country grew exponentially more than others, starting from a smaller base.
In Peru, where we weren’t so mature, we had a huge leap. Colombia did very well too.
In Chile, where we have the largest operation, we grew more or less in line with the market. When you already have a large presence, it’s difficult to grow much faster.
BNamericas: You spoke about the organic growth in Brazil. How much was invested, excluding acquisitions?
Prado: In 2023 we invested approximately US$15mn in the country. We brought all the offerings, services and products that we had outside Brazil – in Chile, Argentina, Peru and Colombia – to the country. We exchanged and integrated. We took the portfolio from there to Brazil and took the Brazilian portfolio there too.
We also hired marketing, sales and pre-sales teams and launched our SOC [Security Operations Center] for threat detection in the country.
BNamericas: What are the prospects for 2024 and are there new acquisitions on the radar?
Prado: There’s a lot happening in this sector. As you said, security is one of companies’ priorities. At the same time, this isn’t a very structured market in the sense that it’s quite fragmented, segmented, with different solutions and players around.
In the world of ERP, you have three or more consolidated players. The same thing in the world of CRM. In the world of cybersecurity, to give you an idea, we represent around 40 companies.
That’s a headache for large customers, having to deal with multiple solutions and players, and the partners and integrators of each one.
Our investment thesis is specifically to be this great integrator, to stitch all of this together and combine everything in the same ecosystem and in a single point of contact. That’s where our name comes from.
With this, we’re also no longer competing with someone who’s a single specialist in a single part of the chain.
We believe that this year, the cybersecurity market should grow by around 15% again, perhaps a little more. Our forecast is to grow three times because we understand that we have greater capacity to deliver all of this and we’re making all the necessary investments.
BNamericas: What about acquisitions, which are in the company’s DNA?
Prado: We were created with the objective of consolidation. It’s our goal as a company. We want to be the biggest pure cybersecurity player in Latin America.
There are large companies working with cybersecurity, big consultancies. But they also have over 50 other offerings. And then there are small companies that specialize in cybersecurity niches. Our idea is to be a consolidator of all this.
We already have a lot of expertise with the team we’ve built and the acquisitions we’ve made. But we’re looking at the market for complementarity – a solution I don’t yet have, someone who can open up a new geography in Latin America or even within a country, or someone who can enhance what I already have.
Yes, we will make new M&As and we have an internal team dedicated to this. But forecasting M&As is complex. Whether it will be three, five or 10 depends on several factors.
BNamericas: Picking up on one of the acquisition drivers you mentioned, what is still missing from the portfolio today?
Galdino: We already have a good part of the capabilities in our portfolio but there are areas where there’s potential and which we intend to expand. Exposure management, for example, is an area that in Brazil, in the region, isn’t well developed compared with the US. One of the acquisitions we made was thinking about this vertical.
Another is managed services. Today we’re already one of the most important players in this segment, but we understand that it’s an operation that constantly needs to improve.
Prado: We’re also looking at specialization by industry and vertical.
In any case, and I don’t want to sound arrogant, but today we’re already the most complete and largest player, geographically speaking, in the sector in Latin America in terms of revenues, the number of people, which is around 900 professionals and diversity of offerings.
We’re in nine of the largest banks in the countries in which we operate. In health, we have a really high percentage in companies. In manufacturing, the same thing.
BNamericas: New AI capabilities will enhance and improve cyberattacks, increasing the vulnerability of companies and that’s something that’s probably just beginning. From a defense point of view, do you also see these new forms of technology as allies?
Prado: We already use algorithms and AI for defense processes. We detect around 48,000 attacks per month with 900 employees at the company. It’s the combination of data and patterns that allows this volume to be processed in this way.
With the arrival of generative AI, the attacks, deep fakes, phishing, social engineering, they’re going to grow exponentially but the market isn’t far behind. We think in advance and we’re also learning from the first attacks.
BNamericas: A lot in the field of generative AI threats is expected to come via social engineering, with the user or company being tricked and then infected. In this respect, will cybersecurity find it very difficult to act preventively? Will the work be much more about response and damage limitation?
Galdino: After ChatGPT, you have an impressive globalization and democratization of the attack arsenal. Today, someone who’s in Russia trying to carry out a phishing attack can put together a perfect script in Portuguese, in Spanish.
You’re right, there’s a challenge in acting preventively. But in any case, there are also some security layers that already have this level of intelligence as well. The name of the game today is to act quickly and respond assertively. Now, we also need to act on the education and knowledge side.
BNamericas: There’s a lot of talk in the market that companies in Latin America pay more for ransomware than companies in other markets. Have you observed this?
Galdino: It’s difficult to say, because ransom payments aren’t usually made public. But ransomware attacks have been on the rise.
This year will be a decisive one from a regulatory point of view, because companies in the United States will be required to declare and notify this type of incident, and regulatory bodies in other countries often follow these guidelines, so it could be a gamechanger in terms of transparency.
Prado: And it’s a delicate situation. How will a multinational company that pays US$100mn in ransom to free up its system declare this to compliance? If you’re paying a criminal, you could potentially have legal implications as well. There are already precedents in this regard.