Cyber risk complacency: Key strategies to overcome cyber security incidents

How often do you think about the cyber security of your business? Is it something you take daily steps to protect or is it something you don’t worry about because your business isn’t at risk.

A 2024 report by the New Zealand National Cyber Security Centre has shown 40% of SME businesses have become ‘cyber complacent’. This means just under half of small business owners are missing basic security steps, don’t believe their business is at risk, and say they are not prepared to respond to a cyber incident*.

But my business isn’t at risk of cyber-attack!

Unfortunately, unless your business operates completely offline, it’s not immune to cyber criminals. 43% of all cybercrimes in 2023 were targeted at SME’s, costing them an average of $173k*. These weren’t just large businesses with large cash-flows, these were small businesses just like yours.

But I wouldn’t fall for a cyber threat!

These days cyber-attacks aren’t just dodgy emails full of spelling mistakes and spam calls. Cyber criminals are getting smarter, AI-assisted phishing scams are on the rise, and AI-generated social engineering is becoming increasingly harder to identify**.

Even if you can detect all threats coming your way, data breaches and successful attacks on anyone who has your details can leave your business at risk. In fact, in 2023 28% of cyber-attacks on businesses, 3^rd party suppliers were determined to be the cause**.

What can my business do to meet basic security standards?

Many SMEs fail to meet even basic cyber security standards due to a lack of understanding about what actions to take and how to implement them.

If your business has fallen into cyber complacency, here’s some tips on how you can work towards being cyber compelled:

Protect your passwords

• Use different passwords for different accounts
• Make sure passwords for main accounts are strong
• Change default password settings on devices

Protect your system

• Verify links and attachments are legitimate before clicking them
• Update software as soon as the update is available
• Use 2 factor authentication on main accounts

Protect your data

• Backup data regularly

Be prepared to react

• Have an incident response plan in place

If you want to be extra secure you can also:

• Only collect necessary data
• Use filters on your email client to block malicious content
• Use anti-virus software and VPN’s
• Set up user-access controls.
• Verify invoice and payment changes via an alternative contact method
• Keep up to date with the latest security advice (The National Cyber Security Centre is a great source)
• Use a password manager
• Set up logs/alerts for organisation changes

Cyber security actions as outlined by the National Cyber Security Centre*

How can I limit damage if my business does experience a cyber-attack?

A cyber-attack can lead to some serious downtime for your business, half of cyber-attack victims reported it took more than one month to fully recover**. Could your business handle that kind of operational downtime?

If not, you may want to consider Cyber Liability insurance – a type of business insurance which protects your business against both the legal costs and expenses (including compensation payments) related to cybercrime incidents. Your coverage may generally include cover for expenses and legal costs relating to data breaches, theft or loss of client information, business interruption costs, forensic investigation, data recovery, extortion, fines and penalties, crisis management costs (to restore your businesses reputation after an attack or data breach), legal costs from any ensuing civil action taken against you or your company.

Compare and buy Cyber Liability insurance here.

*NCSC – SME Cyber Security Behaviour Tracker, June 2024
**Kordia – New Zealand Business Cyber Security Report, March 2024