Current staff are responsible for 29.6% of cyber attacks in New Zealand and are some of the biggest cyber risks for Kiwi companies – at least that's what PwC's latest Global State of Information Security Survey 2018 has found.
Service providers, suppliers and business partners all contribute to the risk, but none more so than staff members themselves, according to the 62 top security professionals who took part in the New Zealand component of the global survey.
“The ‘unknown hacker’ was picked as the largest category responsible for cyber attacks and that's because attribution is difficult and most companies end up not knowing where or who the attackers are. However, it became clear that people known to the company were also among the biggest threats,” says Adrian van Hest, PwC Partner and cyber practice leader.
Van Hest says that cybersecurity investment is increasing, as are the number and cost of incidents.
“So while there's continued spending, it doesn't mean that the investments are effective or that they're being spent on the right things.”
In New Zealand, only 49.2% of respondents said their organisation's cyber spending is aligned with revenue, compared to 72.2% of those questioned in Australia and 65.7% globally.
New business models, including the uptake of cloud computing and mobile devices, present new risks to organisations. This is not because they are any less safe, but because they require a different approach to cybersecurity management.
58.3% of New Zealand organisations indicate they have cyber insurance and 13.3% say they do not know.
“We've also found that investment in identity management is growing faster overseas because they're experiencing more cyber incidents through increased cloud usage. Kiwi companies are slightly behind the trend as most of our cyber incidents still seem to occur because of outdated software. However, as more businesses move to the cloud, it's only a matter of time before we face the same risks,” van Hest comments.
The report stresses that security is no longer an IT problem but one that involves ‘our entire digital society’. It says that businesses cannot trust that their company and customer data will stay secure.
New Zealand respondents rank traditional software vulnerabilities such as out-of-date software as the most common cause of security incidents.
“Building and maintaining trust is going to be the greatest differentiator for New Zealand businesses in our digital society and now's the time to start taking that seriously.”
Globally, 29% of respondents indicate that CISOs are responsible for an organisation's IoT security, followed by engineering (19%) and chief risk officers (17%).
In addition to the 62 New Zealand cybersecurity professionals, the survey also gained responses from 10,000 professionals worldwide.