New study highlights cybersecurity challenges for New Zealand businesses

A study published by telecommunications company Kordia has brought to light the toll of cyberattacks on New Zealand's large businesses.

The survey, targeting firms with a workforce exceeding 100, disclosed that 36% of those experiencing cyberattacks in 2023 saw significant interruptions to their operations, while 29% faced breaches involving personal data.

Key insights from Kordia survey

The survey yielded several key insights:

• Nearly a third (28%) blamed incidents on failures or security lapses from third-party vendors.
• A substantial 70% of executives admitted they would consider paying off cybercriminals.
• Issues such as cloud misconfigurations or vulnerabilities in software were at the heart of 39% of the cyber troubles.
• For about 46% of the affected firms, resolving cyber incidents stretched beyond a month.

Furthermore, the survey found that 69% of businesses acknowledged the repercussions of cyber incidents, with 46% indicating a recovery period exceeding one month.

Shift in cybercriminals' tactics

Alastair Miller, principal consultant at Aura Information Security, Kordia's cybersecurity advisory and testing consultancy, pointed out a shift in cybercriminal tactics towards targeting operational disruptions as a form of extortion, reflecting trends seen in global cyber incidents.

“Cybercriminals are financially motivated. What's interesting in this survey is it highlights the beginning of a trend where hackers are targeting operational downtime over stealing or encrypting data as a means of extorting their victims. This is in line with what we're seeing overseas, such as the recent DP World cyberattack in Australia,” he said.

Miller underscored the dire financial and operational stakes of such cyber disruptions, noting their potential to paralyse businesses swiftly and inflict extensive damage on supply chains and the broader economy.

“Any cyberattack disruptive enough to cause a business to completely go offline can cripple a business in days, but the reality is that a major incident can take months to resolve – with costs running into the hundreds of thousands. For large businesses and critical infrastructure providers, like the ones we surveyed, operational downtime impacts can have knock-on effects for whole supply chains and our economy,” he said.

Human cost of cyberattacks

The study also shed light on the wide-reaching effects of cyber threats on New Zealand's populace, illustrated by a significant breach affecting 1 million local individuals.

The shortage of skilled cybersecurity professionals and the mental strain on employees within affected organisations were underscored as significant concerns.

How to navigate the cyber threat environment

To navigate the challenging cyber threat environment in 2024, Kordia advised businesses to focus on five key areas:

• effective recovery strategies
• incorporating security in cloud transformations
• adopting a risk-based approach to cybersecurity investment
• fostering a security-aware culture
• ensuring cybersecurity is a board-level priority