The study, which surveyed 100 New Zealand organisations, saw accidental IT incidents ranked second most significant threat, followed by IT attacks conducted by insiders, traditional crime, natural disasters, brand related events such as incidents causing negative publicity and terrorist attacks.
The survey also found that 39% of the businesses see cybersecurity as being somewhat or significantly more important than 12 months ago, with the rise of social media, the introduction of personal devices into the workplace and the rise of mobile computing identified as key contributors to the difficulty in securing operations.
The concerns about cyber attacks may be well founded, with 64% of the surveyed businesses having experienced a cyber attack in the past 12 months – and Steve Martin, Symantec’s director SMB, Pacific region, says the 36% of respondents who said they didn’t see any cyber attacks ‘probably didn’t look hard enough’.
Twenty per cent of businesses experienced a loss of $70,000 or more as a result of a cyber attack; 56% experienced downtime as a result of cyber attacks; 24% lost corporate data; 21% lost intellectual property and 20% reported theft of financial data or credit card numbers. Nearly one in four (22%) couldn’t identify what information was taken or the impact of the attack. Social engineering attacks and malicious code attacks were reported as growing ‘somewhat or extremely quickly’.
Steve Martin says organisations need to take a proactive and holistic approach to their IT security which minimises the likelihood of data breaches caused by cyber attacks. "The prevalence of data loss caused by cyber attacks reported in this study highlights the need for more stringent cybercrime laws and legislative reforms that require companies to fast-track the notification of their customers of a data breach in New Zealand,” Martin says.
With social media, consumerisation of IT and mobile computing driving New Zealand security issues, Martin says the challenge for many businesses is finding the right balance of leveraging productivity-enhancing innovations like mobile computing, social media, the consumerisation of IT, cloud computing and virtualisation while not compromising on their levels of cybersecurity. "The best approach for any business facing these security challenges is to apply the same levels of security and management to all endpoints – whether mobile, on premise or in the cloud – without exception.”
The study notes that mobile security tools are on the shopping lists for 28% of New Zealand businesses, and the top three growth areas are web security (48%), network security (45%) and messaging security (43%). Businesses identified growth for budgets much the same with web security (37%), network security (34%) and security systems management (32%) topping the list. Spending on security for virtualised and public cloud systems is also accelerating at 28% and 21% respectively.