A study published by telecommunications company Kordia has brought to light the toll of cyberattacks on New Zealand's large businesses.
The survey, targeting firms with a workforce exceeding 100, disclosed that 36% of those experiencing cyberattacks in 2023 saw significant interruptions to their operations, while 29% faced breaches involving personal data.
The survey yielded several key insights:
Furthermore, the survey found that 69% of businesses acknowledged the repercussions of cyber incidents, with 46% indicating a recovery period exceeding one month.
Alastair Miller, principal consultant at Aura Information Security, Kordia's cybersecurity advisory and testing consultancy, pointed out a shift in cybercriminal tactics towards targeting operational disruptions as a form of extortion, reflecting trends seen in global cyber incidents.
“Cybercriminals are financially motivated. What's interesting in this survey is it highlights the beginning of a trend where hackers are targeting operational downtime over stealing or encrypting data as a means of extorting their victims. This is in line with what we're seeing overseas, such as the recent DP World cyberattack in Australia,” he said.
Miller underscored the dire financial and operational stakes of such cyber disruptions, noting their potential to paralyse businesses swiftly and inflict extensive damage on supply chains and the broader economy.
“Any cyberattack disruptive enough to cause a business to completely go offline can cripple a business in days, but the reality is that a major incident can take months to resolve – with costs running into the hundreds of thousands. For large businesses and critical infrastructure providers, like the ones we surveyed, operational downtime impacts can have knock-on effects for whole supply chains and our economy,” he said.
The study also shed light on the wide-reaching effects of cyber threats on New Zealand's populace, illustrated by a significant breach affecting 1 million local individuals.
The shortage of skilled cybersecurity professionals and the mental strain on employees within affected organisations were underscored as significant concerns.
To navigate the challenging cyber threat environment in 2024, Kordia advised businesses to focus on five key areas: