The Insurance Council of New Zealand (ICNZ) has put the cost of fraudulent insurance claims at around $615 million per year. With businesses across every industry at severe risk from cyberattacks and other malicious and fraudulent machinations, KnowBe4, the provider of the world’s largest security awareness training and phishing platform, revealed new research which suggested that information technology (IT) decision makers in New Zealand are underprepared regarding risks to their businesses.
These risks often range from the most common phishing attacks to more elaborate schemes like the business email compromise, otherwise known as CEO Fraud. The study found that only a third (32%) of the country’s IT decision-makers say they are concerned about phishing as a risk to their respective organisations, while even fewer are concerned about BEC attacks, sitting at 27%.
When asked to determine whether sample emails and SMS were real or fake, only 5% of the study’s respondents were able to correctly identify them all. The research also found that 25% of New Zealand IT decision-makers use their work phones for personal activity, a figure that is 7% higher indicated by regular office workers. Twenty-three per cent also use their work email address for personal activity.
“When those charged with keeping a business secure are unaware of the risks and unable to identify scam emails and SMS messages, their organisations are at significant risk. According to Consumer Protection NZ, Kiwis lost a combined total of $183.5 million to scams in 2022 (up a massive 40 percent on the previous year). If those in charge of security are unaware of best practices, then they cannot educate and train employees,” KnowBe4 APAC security awareness advocate Jacqueline Jayne said in a statement.
“When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through,” she said. “Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address, then you know that email from Amazon cannot be real.”
The study also found that only four in 10 IT decision-makers say they are confident they would know the steps they would need to take following a cyber incident or data breach within their companies. Only 42% of these decision-makers also believe that the employees in their organisations understand the business impact of falling victim to a cyberattack. Thirty-six per cent are also confident in their employees identifying phishing and BEC emails and that their employees report all emails they believe to be suspicious.
Despite some of the negative takeaways, the research did find that a lot of Kiwi IT leaders plan on investing and spending money on cybersecurity in 2023, with the figure reaching 73%. Of this number, 58% are most likely to invest in new cybersecurity software solutions, while 55% are looking into a cybersecurity awareness training program with ongoing and relevant content.
Less than half (49%) of those who plan on investing in cybersecurity in 2023 are also looking at cybersecurity insurance, while 44% are planning employee policy changes related to cybersecurity. Thirty-nine per cent also said that they want to invest further in infrastructure, while 36% want to simulate phishing and social engineering for end users.
What are your thoughts on this story? Please feel free to share your comments below.