IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image

Cybersecurity gaps in New Zealand SMEs highlighted by NCSC

Tue, 3rd Sep 2024

A recent study by the National Cyber Security Centre (NCSC) has highlighted a significant gap in the cyber security preparedness of small and medium enterprises (SMEs) in New Zealand.

The SME Cyber Security Behaviour Tracker 2024 reveals that while cyber security is acknowledged as critical by businesses, actual preparedness remains lacking.

The research shows that 55% of SMEs consider cyber security a top priority. However, less than half (48%) feel prepared for a cyber incident. NCSC's Director Mission Enablement Michael Jagusch commented on these findings: "The findings of the SME Cyber Security Behaviour Tracker 2024 confirm what we've seen in other pieces of work. Businesses are aware that cyber security is critical, but other concerns are taking priority." He added, "The flip side is that a lot of SMEs only act when they are targeted by a cyber attack."

The study, which surveyed 349 SME IT and operations decision-makers, found that 36% of SMEs had experienced at least one cyber attack in the last six months. Of these, 57% took new actions to enhance their cyber security, in contrast to only 27% of non-affected businesses. Discussing these statistics, Jagusch stated, "While it's good to see some actions being taken up, the more future-oriented ones aren't. Essentially a lot of SMEs are focussing on the ambulance at the bottom of the cliff, rather than building the fence at the top."

One of the more alarming revelations from the survey is that over a third of SMEs (35%) do not regularly back up their data, and 23% fail to consistently update their software. Jagusch noted, "The research shows SMEs don't know where to start when it comes to cyber security. Because of this, we developed a tool for our Own Your Online website that can help businesses go through their current processes and see what they can do to improve them."

The NCSC aims to rectify these deficits through ongoing education and support for SMEs. Jagusch emphasised the agency's commitment by saying, "We'll also continue working with SMEs to give them more tools and advice so they can easily adopt forward-thinking approaches to cyber security. Our aim is for the 2025 results to show an increase in those positive behaviours."

The NCSC's initiative is designed to help business owners better manage their time by identifying essential cyber security practices. Jagusch concluded, "Business owners are busy doing the things they love with their companies, so our goal is to save them time by helping identify what cyber security practices they should focus on."

The research underscores the pressing need for increased awareness and proactive cyber security measures within New Zealand's small and medium business sector. By prioritising preventative actions and adopting forward-thinking approaches, SMEs can better shield themselves against the growing threat of cyber attacks.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X