PricewaterhouseCoopers has issued a damning report on the cyber security practices of New Zealand organisations saying they have failed to evolve to keep pace with digital transformation and are lagging well behind those in other countries.
NZ organisations’ attitudes to data privacy came in for scathing criticism. “New Zealand organisations are just now realising that they are no longer seen as the victim in the event of a data breach, but regarded as someone who has abused their client’s trust in them,” PwC said.
“In [Australia and Singapore] privacy is seen as a way to stand out and appeal to customers who are increasingly protective of their data – in New Zealand it’s treated solely as a question of compliance.”
PwC said that New Zealand’s lack of regulation and enforcement was adversely affecting the country as a destination for digital business.”
The findings come from PwC’s Global State of Information Security Survey (GSISS) 2017, which tracks the transformation that digital business models are bringing to local companies, and the impact this is having on their cyber security efforts.
PwC found that, compared to the rest of the world, Kiwi businesses were lagging in the amount of spending directed towards cyber security, and that expenditure was directed to basic measures rather than those more likely to address the insider and partner issue, such as comprehensive identity management systems and tighter control over administrator privileges.
PwC New Zealand partner and cyber practice leader, Adrian van Hest, said: “A major concern is the focus on only a narrow range of methods to detect cyber security weaknesses. New Zealand companies are over-reliant on very basic penetration tests, and less focused on understanding their risk, let alone more advanced analytics and how to respond when something actually happens.”
Most telling were NZ respondents’ responses to the question of what percentage of cyber security spending was aligned with business revenue. The figure for NZ was 20.5 percent compared to 73 percent for Australia and 63 percent globally.
“Local companies are struggling to put safeguards in place to protect the data they gather. In New Zealand, only 42 percent currently inventory personal data from customers and employees, 11 percentage points behind the global average.” Also: “The uptake of managed security services, for example, is almost half that of Australia (44 percent compared to 78 percent),” PwC said.
According to PwC, the rise of digital businesses, mass adoption of cloud technology and the increasingly complex network of relationships with customers, employees and supply chain partners have all blurred the lines of traditional cyber security.
“As a result, New Zealand companies are struggling to respond to the added complexity,” it said. “Only 29 percent of local firms evaluate the security of third-parties, despite suppliers and business partners being the fastest-growing source for cyber attacks. Likewise, employees were the single largest source of cyber security breaches, yet organisations are still focusing on external threats.”