Main sources for attacks from email or phishing scams (70%) and hacking attempts (47%).
Businesses that experienced a cyber attack were most likely to have been attacked within the last two years, with almost half (48%) having experienced an attack within the last 12 months.
The main impact of cyber attacks on businesses were:
- downtime (45%)
- inconvenience (41%)
- expense for re-doing work (29%)
- privacy breach (16%)
- financial loss (15%)
- data loss (12%)
Of those that had lost data in an attack, one-quarter of that data (24%) had not been recovered.
“Small businesses dominate the New Zealand economy: 97 percent of enterprises have fewer than 20 employees and 70 percent are sole traders,” says Mark Gorrie, Director, Norton Business Unit, Pacific region, Symantec.
“Collectively they employ 29 percent of New Zealand private sector workforce and account for more than a quarter of New Zealand gross domestic product. That’s a lot of employees and critical business information to protect from cyber criminals.”
Almost a third (31%) of business operators surveyed do not believe they would last a week without critical business information.
Despite this, one in five small businesses (19%) back up their business data no more than once a month.
Meanwhile 12% are required to retrieve lost data such as emails or deleted files on at least a monthly basis. Most business operators (62%) are using external hard drives for their backups, while almost one-third were using a cloud provider for their backups.
Alarmingly, 16% of respondents backed up to their own computer and of these, 70% did not back up anywhere else, leaving themselves vulnerable to complete loss of data.
“It is concerning that New Zealand small businesses are leaving themselves and their critical business information exposed and vulnerable,” said Gorrie. “When 31 percent of businesses don’t think they can last a week without their critical business information – it makes absolutely no sense not to do everything you can to protect it.”
BusinessNZ Chief Executive, Kirk Hope, said data protection was necessary for all businesses.
The survey found that 18% of SMBs in New Zealand do not have an internet security solution. The main reason business operators gave for forgoing internet security was that it was not a priority for their business (31%).
Even those businesses with internet security are taking some risks with their critical business information. While 92% of PCs and 89% of laptops are secured, that percentage drops to 61% for tablets and 42% for mobile phones.
“Once infected, nothing matters to cyber criminals but payment – they don’t care about disruption to business or the impact on customers. Not having basic internet security in place will, given time, compromise the business. It’s time for New Zealand SMBs to make online security a business priority and even consider cyber insurance to protect them should they be impacted by a cyber attack,” said Gorrie.
Ransomware prevents or limits users from accessing their system unless a ransom is paid. Only five percent of New Zealand business operators had been affected by a ransomware attack. Of the businesses surveyed who had experienced a ransomware attack, only 13% had paid the ransom, which, on average, had amounted to $1,340. Ransoms were all in US dollars. All businesses affected by a ransomware attack had received their files back after they had paid.
Two-thirds of business operators said they would likely report a ransomware attack to the police. When asked if they would pay the ransom, 68% of business operators didn’t think they would.
“Often people don’t know what to do, don’t understand their options, and don’t have the right security in place to combat a ransomware attack – so they pay the ransom,” said Gorrie.
“Unfortunately, when local businesses pay up it fuels the proliferation of this style of attack. What people actually do when their critical business information is held to ransom is often different from what they think they’d do in that situation.”