The 2024 SME Cyber Security Behaviour Tracker revealed that while a majority of small and medium-sized enterprises (SMEs) in New Zealand acknowledge the significance of cybersecurity, many are still inadequately prepared to face cyber threats.
According to the report, 55% of Kiwi SMEs consider cybersecurity important. However, only 48% said they are equipped enough when a cyber incident occurs.
National Cyber Security Centre director of mission enablement, Michael Jagusch, cited that while the significance of cybersecurity is broadly recognised, it frequently takes a secondary position to other priorities and considerations of an organisation.
The report, which surveyed 349 IT professionals and operations managers within NZ SMEs, has also shown that 35% of SMEs do not regularly back up their data, while 23% neglect to consistently update their software.
It also found that 36% had experienced cyberattacks within the previous six months, and among those affected, 57% started adopting new cybersecurity measures.
Jagusch noted that businesses frequently adopt a reactive approach, concentrating on resolving issues after they arise instead of taking steps to prevent them from occurring in the first place.
A separate study conducted by NZ telecommunications provider Kordia has found that 36% of large businesses faced major operational disruptions as a result of cyber incidents, and 29% reported breaches that involved personal data.
Meanwhile, 70% of business executives stated they would pay a ransom to cybercriminals in the event of cyberextortion.
Kordia also advised businesses to focus on implementing stringent recovery strategies, embedding security into cloud transformation processes, taking a risk-based approach to cybersecurity investments, raising awareness about cybersecurity, and elevating cybersecurity as a top board-level priority to be able to navigate the complex landscape of cyber threats.