The latest Norton SMB Cyber Security Survey of New Zealand’s small to medium businesses (SMBs) shows that almost one in five (18 percent) have been targeted by a cyber attack. These cyber attacks were costly and left SMBs with an average loss of approximately NZD$19,000 for each cyber attack.
Furthermore, SMBs that experienced a cyber attack were most likely to have been attacked within the last two years, with almost half (48 percent) having experienced an attack within the last 12 months. The main sources for these attacks came from email or phishing scams (70 percent) and hacking attempts (47 percent).
The main impact of cyber attacks on SMBs were:
Of those that had lost data in an attack, one quarter of that data (24 percent) had not been recovered.
“Small businesses dominate the New Zealand economy: 97 percent of enterprises have fewer than 20 employees and 70 percent are sole traders,” says Mark Gorrie, Director, Norton Business Unit, Pacific region, Symantec. “Collectively they employ 29 percent of New Zealand private sector workforce and account for more than a quarter of New Zealand gross domestic product. That’s a lot of employees and critical business information to protect from cybercriminals.”
Almost a third (31 percent) of business operators surveyed do not believe they would last a week without critical business information.
Despite this, one in five small businesses (19 percent) back up their business data no more than once a month.
Meanwhile 12 percent are required to retrieve lost data such as emails or deleted files on at least a monthly basis. Most business operators (62 percent) are using external hard drives for their backups, while almost one third were using a cloud provider for their backups.
Alarmingly, 16 percent of respondents backed up to their own computer and of these, 70 percent did not back up anywhere else, leaving themselves vulnerable to complete loss of data.
“It is concerning that New Zealand small businesses are leaving themselves and their critical business information exposed and vulnerable,” said Gorrie. “When 31 percent of businesses don’t think they can last a week without their critical business information – it makes absolutely no sense not to do everything you can to protect it.”
BusinessNZ Chief Executive, Kirk Hope, said data protection was necessary for all businesses.
The survey found that 18 percent of SMBs in New Zealand do not have an internet security solution. The main reason business operators gave for forgoing internet security was that it was not a priority for their business (31 percent).
Even those businesses with internet security are taking some risks with their critical business information. While 92 percent of PCs and 89 percent of laptops are secured, that percentage drops to 61 percent for tablets and 42 percent for mobile phones.
“Once infected, nothing matters to cyber criminals but payment – they don’t care about disruption to business or the impact on customers. Not having basic internet security in place will, given time, compromise the business. It’s time for New Zealand SMBs to make online security a business priority and even consider cyber insurance to protect them should they be impacted by a cyber attack,” said Gorrie.
Ransomware prevents or limits users from accessing their system unless a ransom is paid. Only five percent of New Zealand business operators had been affected by a ransomware attack. Of the businesses surveyed who had experienced a ransomware attack, only thirteen percent had paid the ransom, which, on average, had amounted to $1,340. Ransoms were all in US dollars. All businesses affected by a ransomware attack had received their files back after they had paid.
Two thirds of business operators said they would likely report a ransomware attack to the police. When asked if they would pay the ransom, 68 percent of business operators didn’t think they would.
“Often people don’t know what to do, don’t understand their options, and don’t have the right security in place to combat a ransomware attack – so they pay the ransom,” said Gorrie.
“Unfortunately, when local businesses pay up it fuels the proliferation of this style of attack. What people actually do when their critical business information is held to ransom is often different from what they think they’d do in that situation.”