13/11/18 | Security
- 40 percent of businesses have experienced a recent cyber-attack attempt
- One in three businesses believe New Zealand is less at risk of cybercrime
- Nearly three quarters of businesses expect a rise in the frequency and complexity of cyber attacks
- Half of New Zealand businesses have no understanding of what upcoming changes to the Privacy Bill will mean for them.
A third of New Zealand businesses believe the country is at a reduced risk of cyber-attacks than the rest of the world, while six out of ten aren’t ‘very confident’ that they could withstand an attack, a new survey from Aura Information Security has found.
“Thousands of cyber-attacks are happening across the world every minute. New Zealand is just as vulnerable to these threats as any other nation”, says Peter Bailey, general manager of specialist cyber security consultancy, Aura Information Security.
The survey polled more than 230 IT decision makers in businesses with 20 or more employees across New Zealand. The study was also conducted in Australia, where it drew over 300 respondents (key comparisons with Australia are below).
Alarmingly, over a third of respondents believe the country is at less risk of cyber-attacks than the rest of the world.
“Nothing could be farther from the truth,” says Bailey, adding that the slightly more than 40 percent of respondents who indicated that New Zealand is just as at risk as the rest of the world have a much better understanding of the challenge that local businesses are facing.
New Zealand businesses a target
The misconception that New Zealand is at less risk is surprising, considering 40 percent of businesses reported being targeted by one to five ransomware or phishing attack per quarter; 20 percent estimate the number of attacks is closer to between five and 10 incidents and 10 percent said they are subject to 15 or more.
“This confirms is the wide prevalence of cyber-attacks on New Zealand businesses, which is why we were concerned so many of those surveyed consider New Zealand safer than the rest of the world,” says Bailey.
“Cyber criminals operate in much the same way as legitimate businesses, using similar automation and artificial intelligence tools to identify opportunities and then focusing their attention from where the best results are likely to flow.”
Those businesses that believe they haven’t been targeted, he goes on to add, probably just don’t know that it has already happened.
Other key findings
- A general expectation that cybercrime will continue to grow. 70 percent of businesses anticipate an increase in the frequency and complexity of cyber-attacks in the coming 12 months
- Budgets are increasing. Two thirds of respondents anticipate an increase in budgets dedicated to cybersecurity.
- Training and policies in place, but questions over effectiveness. Most companies (more than 70 percent) say they have policies or training in place to prevent cyber breaches), but only four in ten are very confident in these measures as a key line of defence. And just six in ten businesses have assessed the impact a significant cyber breach would have on their business.
- The basics are still ignored. Even managers aware of the risks tend to overlook the basics. Almost 40 percent of businesses do not carry out regular penetration testing.
- Personal attacks. Four in ten respondents were personally targeted by phishing or ransomware attacks.
Comparisons with Australia.
Broadly, cybercrime perceptions across the Tasman mirror those of New Zealand, with several notable exceptions.
- Where in New Zealand, some 70 percent of businesses provide some form of cyber security reporting to the Board or senior management, the number is higher in Australia, at 80 percent. This is perhaps owing to the tighter regulatory environment ushered in by the recently introduced Notifiable Data Breaches Scheme. The EU General Data Protection Regulation has some effect, too: 33 percent of Kiwi businesses report a requirement to comply, and 39 percent of Australian ones.
- A slightly higher percentage (80) of Australian businesses have training or policies in place to prevent a cyber breach (NZ: 73); confidence in the likely success of those policies is high for businesses in both nations.
- More Australian businesses expect to be a target of an attack in the coming year at 36 percent versus New Zealand’s 27 percent; and more Australian businesses have assessed the impact a significant cyber security breach would have on their operations than New Zealand ones have (73 percent versus 61 percent).
- Finally, while nearly half (49 percent) of New Zealand respondents believe their country is behind the rest of the world in terms of cybersecurity practices, the metric is 43 percent for Australians.