Story image

NZ firms pick up the pace on cybersecurity savviness

14 Nov 17

New Zealand businesses are starting to realise the dangers that cyber attacks present, however some still remain ignorant according to new research from Kordia.

A survey of 225 IT decision makers found that half of businesses acknowledged they are at risk – which means at least half don’t believe they are at risk at all.

According to Kordia’s head of communications Esmée O’Brien, the results are ‘encouraging’.

“Over half of New Zealand businesses now acknowledge their risk of falling victim to cybercrime. Two thirds of businesses updated or reviewed their policies in the wake of the recent high-profile ransomware attacks. And, more than half of all businesses are planning to increase their budget for information security in the year ahead,” O’Brien says.

25 percent of surveyed respondents said they were impacted by the NotPetya and WannaCry ransomware attacks. 46% have been targeted by either phishing, ransomware or malware in the last 12 months.

Those attacks have spurred actions for 65% of respondents, including reviews and updates to their security policies.

IT decision makers believe that their company needs to invest more in security. Almost 60% of respondents say their security budget is between 5-14% of their entire IT budget. 22% believe that percentage needs to increase.

Budgets, risk and impact all boil down to an organisation’s readiness to deal with cyber attacks. The survey showed that 68% of respondents believe their company is ready. 59% have a response plan, however 29% don’t have one at all.

Cyber insurance is yet to gain ground in New Zealand businesses, as 41% do not have any cyber insurance.

O’Brien also highlights that two thirds of respondents have conducted training or awareness programmes for their employees.

Three quarters of respondents believe their staff understand best practices such as strong passwords, avoiding suspicious links and locking devices.

“This is a great result. Technology can only go so far when it comes to securing information – the rest is up to people. We’d like to see that number higher, but it does show that more businesses are getting the message and understanding that cyber security is a company-wide issue,” O’Brien says.

She also warns that businesses can’t let security activities fall by the wayside.

“It is no longer a case of ‘if’, but ‘when’ your business will be targeted. Being prepared and taking a risk-based approach is therefore an essential part of being in business. It is not the attack itself that will determine the eventual outcome, but how you respond to it. We’d like to see all New Zealand businesses acknowledging cyber security risk, training their people, establishing response plans – and testing them regularly,” she concludes.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.