New research urges businesses to include people in cybersecurity strategy
Business leaders across New Zealand have cited employees as the top threats to their cyber security posture, according to a new report from Kordia.
Employees accidentally exposing the business emerged as the top threat to cyber security according to 219 business leaders involved in the survey. Other top threats include:
Despite employees being a top cyber risk, the report found that many organisations are still struggling to get basic cyber hygiene practices in order.
Some 14% of the respondents have no awareness or training programmes in place for employees, while 23% have not practices an incident response plan, according to the report.
One in four business leaders are also facing challenges in finding skilled talent to manage their cyber security.
"The cyber security labour market is incredibly tight, both globally and here in New Zealand, so being able to hire and retain skilled people is crucial," said Alastair Miller, Principal Consultant at Aura Information Security, Kordia's cyber security advisory and testing consultancy, in a statement.
Existing employees in cybersecurity are also suffering from burnout due to high workloads, according to one in five business leaders.
"With four in five NZ large businesses in our survey saying they faced a cyber incident in the past twelve months, these incidents will likely be taking a significant toll on the wellbeing of many of our cyber security leaders and their teams," Miller added.
The findings come as the report found that more than 80% of the surveyed business leaders said they experienced some sort of cyber incident or attack in the past 12 months.
Approximately one in three of them said the incident was serious enough to cause operational or business disruption. Another 28% of business leaders also said they saw resignations related to cyber incidents.
"While this number is higher than what we have typically seen in the market, it may indicate an emerging trend," the report said.
Some 27% of business leaders also said their reputation as an organisation suffered after getting hit by a cyber incident.
Among the focus areas the Kordia recommended for business leaders in 2024 is to include people in their cyber security strategy.
A once-a-year online training programme on cyber security is no longer effective, the report said, noting the need for better awareness and adoption of security behaviours across the organisation.
"Business leaders need to champion a culture change within the organisation, that sees all employees adopting a mindset shift," the report said. "Start by making cyber security a priority at the top of the organisation, to embed responsibility."