sb-nz logo
Story image

New Zealand staff responsible for 29.6% of cyber attacks - report

25 Oct 2017

Current staff are responsible for 29.6% of cyber attacks in New Zealand and are some the biggest cyber risks for Kiwi companies – at least that’s what PwC’s latest Global State of Information Security Survey 2018 has found.

Service providers, suppliers and business partners all contribute to the risk, but none more so than staff members themselves, according to the 62 top security professionals who took part in the New Zealand component of the global survey.

“The ‘unknown hacker’ was picked as the largest category responsible for cyber attacks and that’s because attribution is difficult and most companies end up not knowing where or who the attackers are. However, it became clear that people known to the company were also among the biggest threats,” says Adrian van Hest, PwC Partner and cyber practice leader. 

Van Hest says that cybersecurity investment is increasing; as are the number and cost of incidents.

“So while there’s continued spending, it doesn't mean that the investments are effective or that they’re being spent on the right things.” 

In New Zealand, only 49.2% of respondents said their organisation’s cyber spending is aligned with revenue; compared to 72.2% of those questioned in Australia and 65.7% globally.

New business models, including the uptake of cloud computing and mobile devices present new risks to organisations. It is not because they are any less safe, but because they require a different approach to cybersecurity management.

58.3% of New Zealand organisations indicate they have cyber insurance and 13.3% say they do not know.

“We’ve also found that investment in identity management is growing faster overseas because they’re experiencing more cyber incidents through increased cloud usage. Kiwi companies are slightly behind the trend as most of our cyber incidents still seem to occur because of outdated software. However, as more businesses move to the cloud, it’s only a matter of time before we face the same risks,” van Hest comments.

The report stresses that security is no longer an IT problem but one that involves ‘our entire digital society’. It says that businesses cannot trust that their company and customer data will stay secure.

New Zealand respondents rank traditional software vulnerabilities such as out-of-date software as the most common cause of security incidents.

“Building and maintaining trust is going to be the greatest differentiator for New Zealand businesses in our digital society and now’s the time to start taking that seriously.”

Globally, 29% of respondents indicate that CISOs are responsible for an organisation’s IoT security, followed by engineering (19%) and chief risk officers (17%).

In addition to the 62 New Zealand cybersecurity professionals, the survey also gained responses from 10,000 professionals worldwide.

Story image
Arlo's latest Ultra security cameras now available in NZ
The Ultra 2 Wire-Free Spotlight Camera System is equipped with 4K video and HDR image recording, auto-zoom and tracking, and much more.More
Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Users pay with personal data - Kaspersky on WhatsApp move to share data with Facebook
"Nothing is truly free, and, unfortunately, the current business model for free services means that, essentially, we pay with our data."More
Story image
APAC secure content management market to hit $2.2 billion by 2024
The proliferation of cloud-based deployments will largely drive this, the report says, as the COVID-19 pandemic motivates more enterprises to move their workloads to the cloud and rely more on the internet. More
Story image
Online gaming a 'hotbed' for DDoS attacks — report
The latency and availability issues present in online gaming, in particular, presented an attractive target to attackers, in addition to the enduring popularity of gaming in the era of COVID-19.More