More than half of Kiwi businesses hit by cyber-attack last year: report

But who should be responsible for protecting organisations?

More than half of Kiwi businesses hit by cyber-attack last year: report

More than half of Kiwi businesses suffered a cyber-attack or incident in the last year.

Findings released by Kordia revealed that 55% of 213 surveyed businesses were subject to a cyber-attack in the past year, with phishing accounting for 37% of the attacks reported.

The attacks saw commercially sensitive data or intellectual property accessed or stolen for almost one-fourth of the businesses.

It also caused a loss of future business or sales for one-fifth of the businesses because of reputation damage.

Despite these consequences, one in five businesses said they have no plans to deal with a cyber-attack. For 85%, they said that they are confident in their cybersecurity safeguards, found the survey.

But defence isn't the only thing that should matter for businesses, according to Peter Bailey, Regional Cyber Security Business Manager at Kordia.

Bailey said organisations also need to "develop a response plan to ensure that if their organisation is successfully breached, they have the right things in place to recover quickly – ideally with their reputation and systems intact."

"New Zealand is not immune to the ravages of cybercrime. Our geographic isolation isn't relevant when there is money to be made – we're just as at risk as anywhere else in the world," Bailey said in a statement.

Who should be responsible?

The true cost of cyber-attacks in the country could spiral into "millions of dollars annually," according to the Kordia report. This would cover the loss of productivity, reputation, fines, and paying ransoms.

But despite the massive threat it brings, another research revealed that even organisations are unsure on who should be responsible in protecting them from cyber risks.

KnowBe4 recently found that only 38% of IT decision-makers believe that it is everyone's responsibility to protect the organisation from cyberattacks, while only 52% of employees agree with this sentiment.

According to employees, protecting the organisation from a cyber-attack should be the responsibility of the:

  • IT department (19%)
  • Employees (14%)
  • Technology (21%)

Only 10% believe that it is the government's responsibility to shield them from security risks, much lower than the 59% of IT decision-makers who think this should be the case.

"It is clear from our research that Kiwi IT leaders and businesses are not feeling supported by the government when it comes to security issues," said Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, in a statement.

According to the surveyed IT decision-makers, the government should be:

  • Providing more education and awareness to all citizens about the cyber risks and how to stay safe online (37%)
  • Providing more training for Kiwi businesses on cyber risks (24%)
  • Providing more funding for Kiwi businesses for cyber protection (20%)

"The reality is that cyber threats are so pervasive that keeping individuals and businesses safe requires a combined effort from the government, business leaders, IT departments, and employees alike. There is no panacea or magic technology solution that will protect your business. Everyone needs to be educated about potential threats and how to avoid them," Jayne said.