Do NZ business get hacked? What’s the impact?

NZ SMEs have a serious case of “she’ll be right” when it comes to cyber risk, believing an attack won’t happen to them or that the impact would be minor. The reality? NZ SMEs get attacked constantly, and the impact is painful. So why the relaxed approach? Maybe because breaches are often cleaned up quietly, to minimise impact on reputation. With most attacks hidden from public view, are SMEs underestimating the risk simply because they don’t see it? Do SMEs have a false sense of security caused by a lack of information? If everyone knew how often and how badly SMEs are hit, would fewer be caught off guard?

Do NZ SMEs get hacked? Yes. According to NZ’s National Cyber Security Centre (NCSC), nearly half (43%) of attacks target SMEs* and more than 1 in 3 (36%) of SMEs have been attacked in the last year*.

What is the impact? Varies in severity, from minor to catastrophic. We have seen first-hand the real impact of cyber-attacks on NZ SMEs

• Complete technology lockouts, loss of all systems, and months of downtime to fully recover

• $1million cost from a compromised cloud system used by hackers for crypto-mining

• Leaked customer data, and a public apology issued to customers

• Money stolen in phishing attacks, Eg a convincing fake email on a change of bank details for a supplier

• Malicious emails sent from your (compromised) email address to your clients - causing major damage to relationships and reputation

In every one of the above examples the businesses called in expert help - but only after they had been compromised.

COMMON BARRIERS TO CYBER SECURITY

Based on the above, we see that SMEs are directly targeted, the frequency is… frequent, and the impact is real. So do SME’s truly understand this risk? We dug deeper into the NCSC data to find the top five barriers that are stopping NZ SMEs from completing more cyber security measures*.

1.      “We keep forgetting to” (25%).
You don’t forget something if it is a known high risk. With most attacks kept private, SMEs have a false sense of security and think the risk to them is low. Would anyone “forget” to protect their business if they knew an attack would cost them $1million tomorrow? Assume you are constantly targeted, and the impact of attack is severe.

2.     “We feel we are already doing enough to protect ourselves” (24%)
You trust your IT vendor to protect you - but how do you know if they are doing a good job? You would be surprised how many IT providers don’t specialise in modern security risks. If you aren’t getting regular updates on your security position and improvement - then engage an external specialist for an independent assessment.  

3.      “We don’t have the time” (17%):
SME life requires you to wear many hats to wear at once, and cyber security rates as only the third highest SME priority after the economy and cash flow*. Luckily, there is expert help available, and you can engage a good IT partner who will proactively work on protecting your business. 95% of the work can be done remotely by experts and requires very little of your time.

4.      “We don’t know how to do it/ it’s too complicated” (16%):
Cyber security is complicated, but that’s why technology partners exist. You don’t need to be the expert on what to do or how to do it. Work with experts who give you plain English guidance (not tech jargon), business focused risk analysis, and pragmatic improvements.

5.      “We don’t know what to do” (14%)
Start with an assessment of your current cyber security position. Work with an IT partner who uses a known cyber security framework and can help you understand your risk.

SO WHAT?

NZ SMEs are frequent targets of cyber-attacks, regularly suffering major financial loss, system outages, and reputational damage. The biggest hurdles? Recognising the real risk and finding the right support.

Who is protecting your business? If you were hacked tomorrow, who is accountable? Would someone lose their job? Please don’t wait until it’s too late.

We help our customers protect themselves against cybercrime. Our essential cyber assessments cost approx. $5,000 (+GST) and ensure you have the most critical protections in place. You’ll also receive a clear, easy-to-read report outlining risk areas and recommended improvements. If you want more information, check out our Cyber Security Services or download our assessment brochure below.

(*All statistics from National Cyber Security Centre Behaviour Tracker 2024)