NZ employers “struggling” with cyber security

The latest PwC report suggests Kiwi companies may be over-investing in the wrong areas while neglecting others.

New Zealand employers are largely aware of the risk cyber security poses to their business but, if one new report is to be believed, many are still struggling to address the issue effectively.

“It’s heartening to see the change in perceptions among businesses in their approach to cyber security,” says Adrian van Hest, partner and cyber practice leader at PwC New Zealand.

“However, leaders are struggling to fully grasp the breadth of cyber risks their organisations face and the value of the data they are gathering, let alone translating awareness into action,” he continued.

Van Hest’s comments come after PwC released the first part of its Global State of Information Security Survey for 2017. The report tracks the transformation that digital business models are bringing to local companies, as well as the impact that transformation is having on their cyber security efforts.

“Companies that are making this transition to a digital operating model have to make cyber security central to their transformation efforts,” stressed van Hest.

According to the report, New Zealand organisations are over-reliant on basic penetration tests with 63 per cent employing them as their primary approach.

Penetration testing is a pre-emptive measure that identifies weaknesses in a company’s IT infrastructure so they can be addressed before they lead to a security breach. While such tests are undeniably important, they don’t address the biggest risk – insiders and business partners.

In this year’s report, a notable 21 per cent of survey respondents said security breaches had originated from business partners – more than double the 10 per cent who said the same in 2016.

“A major concern is the focus on only a narrow range of methods to detect cyber security weaknesses,” says van Hest. “New Zealand companies are over-reliant on very basic penetration tests, and less focused on understanding their risk, let alone more advanced analytics and how to respond when something actually happens.”

The report suggests New Zealand employers invest more heavily in comprehensive identity management systems while enforcing tighter control over administrator privileges – much like their international counterparts.

Third parties also pose a major risk for Kiwi companies, yet just 29 per cent of firms said they evaluate the security of their suppliers.

“Rather than trying to ring-fence their organisation, companies now have to develop a proactive security approach across their entire digital presence. That means holding suppliers accountable for breaches, addressing the risk from employees and treating customer data privacy as a competitive advantage,” says van Hest.

“Every organisation’s cyber security approach has to begin with understanding their risk profile. Only then can they develop a strategy to protect their assets, detect when they experience a breach and then respond and recover effectively.”
