Cyber attacks that take down entire computer systems are becoming increasingly common. Photo: RNZ
Small and medium sized businesses have a one in three chance of being the target of a cyber attack.
New research from the National Cyber Security Centre, which is part of New Zealand's Government Security Bureau (GCSB), reveals that despite the high risk, many businesses do not put cyber security measures in place until it was too late.
NCSC works to provide trusted and authoritative information and advice, while also collating a profile of the threat landscape in New Zealand.
Director Michael Jagusch says businesses need to improve their defences before they're attacked.
The latest NCSC research - the Cyber Security Behaviour Tracker - found 36 percent of small and medium businesses (SMEs) experienced at least one cyber attack in the past six months.
Of these, 57 percent took new actions to keep themselves more secure online, compared to only 27 percent of SMEs that had not been attacked.
Some of the more worrying findings were that more than a third of SMEs did not regularly back up their data and 23 percent did not do regular updates of software.
"SMEs don't know where to start when it comes to cyber security. Because of this, we developed a tool for our Own Your Online website that can help businesses go through their current processes and see what they can do to improve them," NCSB director of mission enablement Michael Jagusch said.
"Business owners are busy doing the things they love with their companies, so our goal is to save them time by helping identify what cyber security practices they should focus on."
The latest survey found while 55 percent of SMEs had it as a top priority, less than half said they were prepared for a cyber incident.
"The findings for small and medium businesses confirm what we've seen in other pieces of work," Jagusch said.
"While it's good to see some actions being taken up, the more future-oriented ones aren't. Businesses are aware that cyber security is critical, but other concerns are taking priority."
He was concerned a lot of SMEs continued to focus "on the ambulance at the bottom of the cliff, rather than building the fence at the top".
"We'll continue working with SMEs to give them more tools and advice so they can easily adopt forward-thinking approaches to cyber security."
NCSC works to support all businesses, organisations and individuals who are affected by cyber security incidents.
