Cyber attacks are one of the most dangerous threats facing businesses in New Zealand. The geographical location thought to protect the island from such attacks has been a major factor in businesses' lack of defence, and is no longer relevant in an Internet that knows no boundaries, says a new white paper on the evolution of cyber threats.
New Zealand has been recognised as one of the “Cyber Five’ countries alongside South Korea, Australia, Japan and Singapore, who appear to be nine times more vulnerable to cyberattacks than any other Asian economies.
It sits 19th in the Global Cybersecurity Index, which measures a country’s commitment to cybersecurity, compared to Australia in 7th place. Yet New Zealand businesses remain underprepared, said “The evolution of cyber threats: Embracing Cyber Risk Management” issued by Delta Insurance last week.
The number of Australian and New Zealand small businesses who have faced a cyberattack are virtually identical (19% in Australia and 18% in NZ), but only 6% of New Zealand SMEs hold cyber insurance, compared with 14% of Australian SMEs. This is despite the fact that one in five New Zealand SMEs is targeted by a cyberattack with an average financial loss of NZD19,000 (US$13,700).
Though the level of cybersecurity awareness is increasing, business owners are still failing to take action in increasing their current security infrastructure with 88% of New Zealand companies unaware they can purchase insurance against a cyber incident.
Beyond the risks faced by businesses, New Zealand’s legislation is falling behind international standards. In New Zealand, unlike other jurisdictions, there is no compulsory data breach notification law.
There is also significant under-reporting of cyberattacks in New Zealand and internationally. This is due to fears of negative publicity, legal repercussions and the cost of notifications. Further, there is a perception the cyberattack victim is punished through publicity, rather than the perpetrator, said the paper.
In this environment, businesses are recognising the need to invest in mitigating risk. Some forecasts predict the global cyber insurance market will grow from $4 billion to $20 billion by 2025.
“Currently we estimate the cyber insurance market in New Zealand to be NZD10 million in premium. With more thought leadership, education and understanding from the market, it is likely to climb to at least NZD50 million by 2020, with the potential to be more than NZ250 million in premiums by 2025,” said Delta Insurance Managing Director Ian Pollard.
The paper noted that a number of initiatives are underway to develop a robust cybersecurity infrastructure in New Zealand, with the government looking at mandatory reporting and privacy legislation reform on the horizon, along with the introduction of a cyber taskforce and public/private sector strategies in place.
However, it is up to each individual business in New Zealand to make sure they have the appropriate risk management strategies in place to minimise the impact of an inevitable cyberattack.
Ransomware, whaling (phishing targeting fewer, high value senior targets in a company), distributed denial of service (DDoS) attacks and state-backed cyberwarfare have proved to be major threats in recent years. A host of others are now emerging amid the rise of technology such as the Internet of Things and artificial intelligence, discussed the paper, which can be read in its entirety here.