NZ firms pick up the pace on cybersecurity savviness
New Zealand businesses are starting to realise the dangers that cyber attacks present, however some still remain ignorant according to new research from Kordia.
A survey of 225 IT decision makers found that half of businesses acknowledged they are at risk – which means at least half don't believe they are at risk at all.
According to Kordia's head of communications Esmée O'Brien, the results are ‘encouraging'.
“Over half of New Zealand businesses now acknowledge their risk of falling victim to cybercrime. Two thirds of businesses updated or reviewed their policies in the wake of the recent high-profile ransomware attacks. And, more than half of all businesses are planning to increase their budget for information security in the year ahead,” O'Brien says.
25 percent of surveyed respondents said they were impacted by the NotPetya and WannaCry ransomware attacks. 46% have been targeted by either phishing, ransomware or malware in the last 12 months.
Those attacks have spurred actions for 65% of respondents, including reviews and updates to their security policies.
IT decision makers believe that their company needs to invest more in security. Almost 60% of respondents say their security budget is between 5-14% of their entire IT budget. 22% believe that percentage needs to increase.
Budgets, risk and impact all boil down to an organisation's readiness to deal with cyber attacks. The survey showed that 68% of respondents believe their company is ready. 59% have a response plan, however 29% don't have one at all.
Cyber insurance is yet to gain ground in New Zealand businesses, as 41% do not have any cyber insurance.
O'Brien also highlights that two thirds of respondents have conducted training or awareness programmes for their employees.
Three quarters of respondents believe their staff understand best practices such as strong passwords, avoiding suspicious links and locking devices.
“This is a great result. Technology can only go so far when it comes to securing information – the rest is up to people. We'd like to see that number higher, but it does show that more businesses are getting the message and understanding that cyber security is a company-wide issue,” O'Brien says.
She also warns that businesses can't let security activities fall by the wayside.
“It is no longer a case of ‘if', but ‘when' your business will be targeted. Being prepared and taking a risk-based approach is therefore an essential part of being in business. It is not the attack itself that will determine the eventual outcome, but how you respond to it. We'd like to see all New Zealand businesses acknowledging cyber security risk, training their people, establishing response plans – and testing them regularly,” she concludes.