New Zealand directors believe that cyber attacks will be the biggest threat to New Zealand this year, according to the Directors’ Risk Survey, conducted by Marsh.
79% of those surveyed from the Institute of Directors (IoD) say that a cyber attack would have medium or high impact on their organisation’s strategic growth, operational efficiency and legal/contractual compliance.
The number of total losses from cyber attacks have hit an estimated $300-400 million, while the number of data loss incidents jumped by 25% from July 2015 to June 2016, signifying a 47% increase in the value of those losses.
“It is worth noting that cyber risk is absent for nearly one-third of organisations in New Zealand. There is a very real and growing threat that an unexpected cyber incident could blindside these organisations,” the report says.
Organisations must gain a complete understanding of both risks and cyber vulnerabilities, as well as reviewing systems, processes and policies.
The report found that New Zealand organisations are starting to mitigate cyber risk, but they are slower to make changes to systems and processes. Relying purely on cyber insurance is a short-sighted approach, as larger organisations are investing in more complex risk assessment, mitigation and transfer strategies.
Overall, cyber risk ranked fifth in the top five risks that could impact business in the next 12 months with 43%, behind social media (62%), talent attraction and retention (59%), increasing corporate governance requirements (55%) and earning volatility.
This is a change from last year’s results, where governance and cyber risks were the top two emerging risks. The survey believes that directors are putting increased emphasis on social media and brand reputation.
The survey also identified other top business risks, including asset bubbles, urban planning failure, extreme weather events and natural catastrophes.
IoD Manager Governance Leadership Centre Felicity Caird says the management of risk is critical to a board providing strategic leadership and creating value.
“Risks change and evolve and the need to stay current is emphasised by this report. Technology is an integral part of business capability and boards need to take responsibility to be able to lead in this new era,” comments Felicity Caird, IoD manager of the Governance Leadership Centre.
Overall, risk management has seen an uptake at board level, with the biggest growth coming from public company boards (37%) compared to 21% for private companies and 25% for government entities.