By Anderson Nascarella
Carnival is traditionally associated with festivities, joy, celebration, and a break from routine. However, in the context of an increasingly digital world, this period of collective distraction reveals an uncomfortable contradiction: while people and businesses slow down, the digital environment remains fully active, and with it, cyber risks. In 2026, talking about a "connected Carnival" means acknowledging that the logic of the festival coexists with a technological infrastructure that doesn't slow down, creating a scenario where decreased human attention silently transforms into an opportunity for digital crimes.
This concern is neither abstract nor exaggerated. Recent reports from the consulting firm Gartner indicate that 91% of CIOs intend to increase investments in cybersecurity by 2025, which demonstrates a clear perception that digital risk has ceased to be episodic and has become structural. This data shows that IT leaders understand that protection is no longer a complement to operations, but an essential part of business continuity. Even so, there is a difference between recognizing risk strategically and managing it in daily practice, especially during periods marked by reduced staffing, collective vacations, and less operational vigilance.
Festive moments, such as Carnival, expose a vulnerability that goes beyond technology: the dependence on the human factor. A less rigid routine favors the use of public networks, remote access to corporate systems from personal devices, and quick decision-making in informal contexts. This combination creates fertile ground for scams based on social engineering, credential theft, and process flaws. It's not just about sophisticated attacks, but the systematic exploitation of predictable behaviors in environments with less attention and control.
The economic impact of this phenomenon also helps to illustrate the gravity of the problem. Studies published in 2025 by the International Monetary Fund (IMF) indicate that cybercrime is expected to cost the global economy US$23 trillion in 2027, an increase of US$17513 trillion compared to 2022. This growth projects digital crime as one of the greatest transnational economic threats of the next decade, surpassing, in financial impact, many traditional productive sectors. The expansion of this cost stems not only from the technical sophistication of the attacks, but also from the constant expansion of the surface area of exposure: more connected systems, more data circulating, and more interdependence between critical infrastructures and digital networks.
When these two trends converge—the escalating global cost of cybercrime and the temporary reduction in surveillance during festive periods—a significant paradox arises. The culture of pause, necessary from a social and human perspective, is not accompanied by an equivalent pause in digital criminal activity. On the contrary, the predictability of calendars becomes a strategic variable for malicious actors, who exploit precisely the moments when institutional attention decreases.
Reflecting on the “connected Carnival” is, therefore, reflecting on the illusion that digital risks follow the same rhythm as social life. They don't. What changes is our attitude towards them. If security is treated only as a technical function, it weakens when human structures become dispersed. If it is understood as organizational culture, integrated into behavior, processes, and management, it tends to better withstand the fluctuations of the calendar.
A party, by definition, is fleeting. The effects of a cyberattack, however, can last for weeks, months, or even years. In a scenario where cybercrime is projected to be one of the biggest global costs of the next decade, distraction ceases to be merely an emotional state and becomes a risk variable. The contemporary challenge is not to eliminate moments of celebration, but to recognize that, in the hyper-connected world, attention to security cannot take a break along with the workday. Because, if there's one thing the data clearly indicates, it's that digital risks don't take vacations; they just wait for someone to let their guard down.
*Anderson Nascarella is the Business Sales Manager at Adistec Brazil.
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
