Despite the high prevalence of cyber attacks, and two recent surveys showing that cyber security and cyber threats are top of mind for New Zealand CEOs, security for most organisations as “just a compliance or box-ticking exercise,” according to global business advisory firm, Grant Thornton.
Hamish Bowen, partner, IT advisory and security at Grant Thornton New Zealand, said: "Our own research here in New Zealand has revealed that cyber-security is one of the key top-of mind risks for organisations, but for most, risk management is increasingly being viewed as just a compliance or box-ticking exercise; recognising the risk is insufficient to protect your organisation."
He was commenting on New Zealand data from Grant Thornton’s latest International Business Report. Its findings suggest that, in New Zealand, 28 percent of businesses surveyed have faced a cyber-attack over the past year. This, it said, placed New Zealand eighth in the league table of 37 countries surveyed.
The 46 directors who responded to a survey undertaken by the NZ arm of global insurance broker, Marsh&McLennan, published earlier this week, said they perceived cyber-attacks to be the biggest threat to New Zealand businesses in 2017. Seventy nine percent of those surveyed rated the impact on their organisation’s strategic growth, operational efficiency and legal/ contractual compliance as medium or high.
The week prior, PriceWaterhouseCoopers’ published the results of its 20th annual NZ CEO survey. It found 91 percent of CEOs worried about cyber security.
Bowen said, "We need to realise security for an organisation is a system of protection, prevention and response that requires people, process and technology. We have too often focused on the technology component leaving ourselves exposed to common threats like ransomware, because we are not investing in security training of people and improving our general security processes. "This requires urgency and an investment in minimising the damage when the inevitable happens."
The report said: “Nearly one in four businesses worldwide (21 percent) have faced a cyber-attack over the last 12 months, compared to 15 percent who said the same a year ago.
“Of those who were attacked, the most common form of cyber-attack cited globally was damage to their business infrastructure (22 percent of firms). But other forms of cyber-attack experienced include using blackmail or extortion to obtain money (17 percent), a more common occurrence than theft of customer financial details (12 percent) or theft of intellectual property (11 percent).”