The Insurance Council of New Zealand has marked the start of Cyber Smart Week by calling on New Zealand’s small and medium businesses to take out cyber insurance. It says only six percent of SMEs in New Zealand have cyber insurance, compared with 14 percent in Australia.
Insurance Council CEO Tim Grafton said most big corporates in New Zealand had a cyber policy or at least a standing item on their board agendas.”
“The real problem area is NZ small-medium enterprises. We are a nation of small businesses with 90-plus percent of businesses in NZ under 20 employee,” he said. “The common sorts of crypto attacks are unsophisticated, untargeted and while low in dollar value – usually sub $5,000, enough to be an annoyance and damaging to a small business.”
In a 2016 survey of Australian and New Zealand businesses undertaken by AusCert and BDO, 13.8 percent of respondents said they had cyber cover under other policies, 7.4 percent believed they were covered by other policies, and 9.4 percent claimed to have a stand-alone cyber policy. 24.5 percent said they were considering cyber insurance.
The report cast doubt on the value of some of this insurance in light of poor security practices. “Only 52.3 percent of organisations are performing regular security risk assessments,” it said.
“This suggests that nearly half of all respondents don’t have an accurate view of their cyber risks. This raises the question as to whether those organisations who have taken out cyber insurance, have policies in place that will respond to insurance claims.”
The survey found only 48 percent of respondents had a cyber response plan and only 41 percent had a cyber incident response team or capability in place to respond to incidents.
A recent Norton NZ small business security survey found two percent of small businesses in New Zealand had been targeted by a cyber attack.
“Ninety percent of cyber incidents begin with a human error in the organisation being attacked, which makes education about cyber risks and robust cyber risk management extremely important,” Norton said.
“Victims are also very often unaware that a cyber breach has occurred; it may be some years before a breach or its consequences are discovered. The average amount of time a breach goes unnoticed is around nine months.”
Cyber Smart Week has been organised by New Zealand Government agencies CERT NZ and Connect Smart and runs from Monday 27 November to Friday 1 December 2017.
The theme of the week is ‘Just do one thing’. It lists “four easy steps that anyone can follow that are quick, simple, and will improve online safety for individuals, business - their staff and customers.”
- Use different passwords for different accounts
- Turn on two-factor authentication
- Make sure operating systems are up-to-date
- Check your privacy settings so you know who can see what.
The New Zealand Bankers’ Association has added its voice to the campaign, urging New Zealanders to get two-factor authentication. Chief executive Karen Scott-Howman, said: “Most banks now offer two-factor authentication, or 2FA, to access online banking or to authorise transactions over certain limits.”