A third of New Zealand businesses believe the country is at a reduced risk of cyber attacks than the rest of the world, while six out of ten aren’t ‘very confident’ that they could withstand an attack, a new survey from Aura Information Security has found.
“Thousands of cyber attacks are happening across the world every minute. New Zealand is just as vulnerable to these threats as any other nation,” says Aura Information Security general manager Peter Bailey.
The survey polled more than 230 IT decision makers in businesses with 20 or more employees across New Zealand.
Alarmingly, over a third of respondents believe the country is at less risk of cyber-attacks than the rest of the world.
“Nothing could be farther from the truth,” says Bailey, adding that the slightly more than 40% of respondents who indicated that New Zealand is just as at risk as the rest of the world have a much better understanding of the challenge that local businesses are facing.
New Zealand businesses a target
The misconception that New Zealand is at less risk is surprising, considering 40% of businesses reported being targeted by one to five ransomware or phishing attack per quarter; 20% estimate the number of attacks is closer to between five and 10 incidents and 10% said they are subject to 15 or more.
“This confirms the wide prevalence of cyber attacks on New Zealand businesses, which is why we were concerned so many of those surveyed consider New Zealand safer than the rest of the world,” says Bailey.
“Cyber criminals operate in much the same way as legitimate businesses, using similar automation and artificial intelligence tools to identify opportunities and then focusing their attention from where the best results are likely to flow.”
Those businesses that believe they haven’t been targeted, he goes on to add, probably just don’t know that it has already happened.
- A general expectation that cybercrime will continue to grow. 70% of businesses anticipate an increase in the frequency and complexity of cyber attacks in the coming 12 months
- Budgets are increasing. Two-thirds of respondents anticipate an increase in budgets dedicated to cybersecurity.
- Training and policies in place, but questions over effectiveness. Most companies (more than 70%) say they have policies or training in place to prevent cyber breaches), but only four in ten are very confident in these measures as a key line of defence. And just six in ten businesses have assessed the impact a significant cyber breach would have on their business.
- The basics are still ignored. Even managers aware of the risks tend to overlook the basics. Almost 40% of businesses do not carry out regular penetration testing.
- Personal attacks. Four in ten respondents were personally targeted by phishing or ransomware attacks.
Comparisons with Australia
Broadly, cybercrime perceptions across the Tasman mirror those of New Zealand, with several notable exceptions.
- Where in New Zealand, some 70% of businesses provide some form of cybersecurity reporting to the Board or senior management, the number is higher in Australia, at 80%. This is perhaps owing to the tighter regulatory environment ushered in by the recently introduced Notifiable Data Breaches Scheme. The EU General Data Protection Regulation has some effect, too: 33% of Kiwi businesses report a requirement to comply, and 39% of Australian ones.
- A slightly higher percentage (80%) of Australian businesses have training or policies in place to prevent a cyber breach (NZ: 73); confidence in the likely success of those policies is high for businesses in both nations.
- More Australian businesses expect to be a target of an attack in the coming year at 36% versus New Zealand’s 27%; and more Australian businesses have assessed the impact a significant cybersecurity breach would have on their operations than New Zealand ones have (73% versus 61%).
- Finally, while nearly half (49%) of New Zealand respondents believe their country is behind the rest of the world in terms of cybersecurity practices, the metric is 43% for Australians.