Research Reveals The Harmful Impact Of Cyber-attacks On Large Kiwi Businesses
In a revealing study by Kordia, the alarming effect of cyber-attacks on some of New Zealand’s largest enterprises has been brought to light. The independent research, focusing on businesses with 100 or more employees that were subjected to cyber-attacks in 2023, uncovered startling figures that underline the growing menace of cyber threats.
A staggering 36% of the surveyed businesses reported a disruption in their operations due to cyber-attacks, while 29% experienced the theft or unauthorized access of personal data. The extent of the assaults didn’t stop there; over two-thirds (69%) of businesses felt an impact from cyber incidents, with nearly half (46%) stating that recovery from these events extended beyond a month. Alarmingly, 9% disclosed that it took them five months or more to resolve the incident.
“This year, we are witnessing a shift in strategies employed by cybercriminals, increasingly focusing on inducing operational downtime rather than data theft or encryption. This trend mirrors global events and is primarily financially motivated,” commented Alastair Miller, Principal Consultant at Aura Information Security, a division of Kordia. Miller’s observations shed light on a new breed of cyber extortion where the inability of businesses to operate garners higher ransom demands.
The repercussions of such cyber-attacks extend far beyond immediate operational disturbances. Significant incidents can leave businesses grappling with resolution and recovery for months, inflicting financial damage in the hundreds of thousands. For large corporations and critical infrastructure providers, the ripple effects can be felt across supply chains and even the broader economy.
Despite the rising tide of cyber threats, New Zealand companies seem hesitant to elevate cyber security to a level of paramount importance within their corporate governance structures. Only two-thirds of enterprises recognize the critical nature of cyber security for their board, a perspective that must evolve for the enhancement of national business and industrial resilience.
On a global scale, cyber threats have reached unprecedented levels in 2023, with incidents such as the hack on Australian financial services company Latitude compromising the personal data of one million Kiwis. The attack marked the largest privacy breach in New Zealand’s history, illuminating the severe implications of cyber incidents not only on privacy but also on the internal workforce of affected organizations.
The challenge of recruiting sufficiently skilled personnel to manage cyber security emerges as a significant hurdle for businesses. The scarcity of qualified professionals in the field, both locally and internationally, underscores the urgency of bolstering cyber defense capabilities amidst a rapidly changing threat landscape.
Miller cited a recent study highlighting the psychological toll of cyber-attacks on individuals, equating the impact to that of conventional political violence or terrorism. With a considerable 80% of large New Zealand businesses reporting cyber incidents within the past year, the strain on cyber security leaders and their teams is both significant and concerning.
The survey also revealed that 39% of cyber incidents were attributed to cloud misconfigurations or software vulnerabilities, with DDoS (Distributed Denial-of-Service) attacks following closely at 35%. The evolving dynamics of cyber threats further accentuate the necessity for businesses to adapt and fortify their cyber defenses effectively.
With the advent of a new government, the call for enhanced cyber security measures grows louder among Kiwi business leaders. One-third of respondents advocate for increased government expenditure on national cyber security, alongside a desire for more stringent penalties for organizations failing to safeguard data.
“Compared to the international landscape, New Zealand’s current privacy laws may be seen as lenient. The pressing need for more robust legislation is clear if we are to safeguard against the escalating cyber threat landscape,” Miller concludes, hinting at possible legislative reforms inspired by international precedents such as Australia’s recent cyber security governance improvements.
As New Zealand contemplates its next steps in bolstering national cyber security, the insights provided by this study underscore the critical need for action. The pervasive threat of cyber-attacks demands comprehensive strategies to protect businesses, their employees, and, by extension, the national economy.
