In the past couple of years, cyberattacks have become more frequent in New Zealand (NZ), with insurers reporting a significant increase in the number of reports and claims. As a result, it is now more crucial than ever for Kiwi businesses to have effective risk management and insurance in place to protect themselves against these cyber threats.

This article highlights the current cyber risk trends in NZ and explains how businesses can manage these risks effectively. Additionally, it explores the role of cyber insurance in helping businesses to mitigate the financial impact of cyberattacks.

State-sponsored Attacks

State-sponsored and criminal cyberattacks are among the most prevalent cyber hazards in New Zealand, according to the Government’s Computer Emergency Response Team (CERT NZ). The most frequently reported event categories are phishing and credential harvesting, which are often used to gain access to sensitive information or systems.

These types of cyberattacks account for more than half of all reported incidents to CERT NZ. Given that small and medium-sized businesses (SMEs) dominate the NZ economy, there are many low-level cyber incidents.

The majority of losses resulting from these attacks are caused by scams, phishing, and credential harvesting, which are all aimed at making money. These can include sophisticated email invasions that redirect funds, particularly in property settlements and social engineering scams such as “romance scams.”

It is critical that New Zealand businesses implement effective cybersecurity measures and stay up to date with the latest threats to protect themselves against state-sponsored and criminal cyberattacks. By doing so, they can minimize the risk of financial losses and reputational damage caused by these types of attacks. Additionally, businesses can consider cyber insurance as a valuable tool to help mitigate the financial impact of cyber incidents.

When it comes to running a business, it’s important to protect yourself from unexpected events that could potentially lead to financial ruin. This is especially true for accountants, who deal with sensitive financial information and are at risk of facing legal action from dissatisfied clients. Insurance for accountants can provide peace of mind and financial protection in the event of professional negligence claims, data breaches, or other unforeseen circumstances. Don’t overlook the importance of accounting insurance.

Attacks From Overseas

In New Zealand, ransomware is the primary cause of loss for organizations in the corporate sector, which is consistent with global trends. The majority of these attacks originate from overseas, posing a significant challenge for businesses seeking to defend themselves against cyber threats.

State-sponsored cyber action is also a significant concern for New Zealand’s nationally significant organizations, with current geopolitical issues, such as the Russia-Ukraine conflict and military tensions in the Asia-Pacific region, having a significant impact.

Distributed denial-of-service (DDoS) attacks are another form of cyber attack that has become increasingly prevalent in New Zealand over the past five years. These attacks involve sending a massive volume of traffic to a server to prevent users from accessing a digital service. The New Zealand Stock Exchange, banks, electricity providers, state-owned organizations, and telecoms firms have all been targeted by DDoS attacks.

Criminal gangs often use DDoS attacks or the threat of them to demand ransom payments, which are typically made in cryptocurrencies. This underscores the importance of businesses having effective risk management strategies in place to mitigate the financial impact of cyber incidents, including cyber insurance.

Businesses in New Zealand must remain vigilant and take proactive measures to defend against scams and attack targets from abroad, including implementing robust cybersecurity measures and investing in cyber insurance to mitigate the financial impact of cyber incidents.

Attacks That Leverage Emotion

Cyberattacks are becoming increasingly sophisticated and are preying on our emotions, which is a growing concern in New Zealand and globally.

The frequency and severity of attacks have been on the rise worldwide, and New Zealand is no exception. Phishing attacks have become more sophisticated, and NZ citizens and businesses are now being targeted by increasingly “localized” schemes, including phishing emails written in te reo Māori. These attacks can also pose as banks, charities, IT companies, and governmental organizations, making them more difficult to detect.

In recent years, email phishing attempts aimed at eliciting a strong emotional response have been reported to CERT NZ. These can include phony rescue efforts for countries like Ukraine, playing on people’s desire to help those in need.

Furthermore, the pandemic has left many businesses ill-prepared and inadequately protected when required to work remotely due to lockdown restrictions. This has created a significant opportunity for cyber attackers to exploit flaws and weaknesses in systems and networks, resulting in an upsurge in cyberattacks over the past two years.

It is critical that New Zealand businesses remain vigilant and adopt robust cybersecurity measures to protect themselves from these evolving cyber threats. This includes implementing security awareness training for employees, utilizing multi-factor authentication, and investing in cyber insurance as a valuable tool to help mitigate the financial impact of cyber incidents.

How to Protect Your Company Against Cyber Risks

In today’s digital age, it is crucial for businesses to have a robust IT system to defend against the increasing number of cyber attacks. However, most cyber attacks are initiated by people, making it equally important to have established procedures and consistent training to identify a breach and know how to respond to it.

To assist businesses in managing incidents, CERT NZ recently published an incident management manual. Risk assessment and incident planning are the key recommendations from CERT NZ, emphasizing the importance of being prepared for a cyber attack.

In addition, cyber insurance plays a crucial role in reducing the financial and operational risks of a cyber attack. Cyber insurance in New Zealand typically covers network security breaches, privacy breaches, and confidentiality breaches. The insurance can also cover the cost of first responder personnel to examine and repair the IT network, as well as lost wages and the payment of fines and penalties for privacy violations.

However, the coverage offered for extortions or ransoms is likely to undergo future adjustments. While the conventional approach is to exclude coverage for terrorism, the definition of a cyber attack is expected to shift as state-sponsored cyber terrorism continues to rise. Exclusions from coverage for state-sponsored cyber attacks are likely to be included in the future.

Compared to Australia, New Zealand is still lagging in the use of cyber insurance. However, with the Privacy Act in effect since 2020 and the implementation of privacy reporting requirements, there is a growing acceptance of cyber policies in the country. It is anticipated that underwriting criteria for specific organizations will be modified in the coming year to further promote the use of cyber insurance.