Report uncovers alarming cybersecurity gaps in New Zealand SMEs
Report uncovers alarming cybersecurity gaps in New Zealand SMEs | Insurance Business New Zealand
Cyber
Report uncovers alarming cybersecurity gaps in New Zealand SMEs
Initiatives released to improve cyber resilience
Cyber
By
Roxanne Libatique
A new report from New Zealand’s National Cyber Security Centre (NCSC) has identified critical gaps in the cybersecurity readiness of small and medium-sized enterprises (SMEs) across the country.
New Zealand SMEs’ cybersecurity priorities
The report indicated that 55% of SMEs consider cybersecurity a priority, yet only 48% feel adequately prepared for a potential cyber incident.
“Businesses are aware that cyber security is critical, but other concerns are taking priority,” he said, as reported by IT Brief, adding that many SMEs only act after they have experienced an attack.
New Zealand SMEs’ response to cyberattacks
The survey, which polled 349 IT and operations managers within SMEs, found that 36% had been hit by cyberattacks within the past six months.
Among those affected, 57% implemented new cybersecurity measures, in contrast to only 27% of those who had not been attacked.
Jagusch commented on the reactive nature of many businesses – focusing on addressing the problem after the fact rather than preventing it in the first place.
“While it’s good to see some actions being taken up, the more future-oriented ones aren’t,” he said.
New Zealand SMEs’ cybersecurity measures
The study also revealed that more than a third (35%) of SMEs do not regularly back up their data, and 23% fail to keep their software consistently updated.
Jagusch noted that this lack of basic cybersecurity practices is often due to businesses not knowing where to begin. To address this, the NCSC has introduced a tool on its “Own Your Online” website to help businesses assess and improve their cybersecurity strategies.
National Cyber Security Centre’s initiatives
The NCSC plans to continue supporting SMEs with tools and guidance aimed at encouraging more proactive cybersecurity practices. The goal is for the 2025 report to show improved cybersecurity practices across the sector
The initiative is designed to help SMEs streamline their cybersecurity efforts, allowing business owners to focus on operations while mitigating security risks.
Jagusch said that the NCSC’s goal is to help businesses prioritise key cybersecurity practices without overwhelming them.
“Our goal is to save [businesses] time by helping identify what cyber security practices they should focus on,” he said.
The report found that 36% of large businesses experienced significant operational disruptions due to cyber incidents in 2023, with 29% reporting breaches involving personal data.
Other key findings from the survey show that 28% of attacks were linked to security failures from third-party vendors, and 70% of executives said they would consider paying a ransom if faced with a cyber extortion attempt.
The Kordia study also highlighted the broader economic and personal toll of cyberattacks, particularly the strain on employees within affected organisations and the potential for supply chain disruptions.
Related Stories
Keep up with the latest news and events
Join our mailing list, it’s free!