Sixty-two percent of Kiwi businesses polled in a recent survey don’t have an IT privacy and security strategy in place, and only 50% had a person specifically tasked with cyber-security.
The stark figures are highlighted in the Grant Thornton International Business Report, a global survey of 2500 business leaders.
The report reveals that cyber attacks are taking a serious toll on businesses globally, with one in six businesses surveyed facing a cyber attack in the past year and the total cost of attacks globally estimated to be at least US$315 billion over the past 12 months.
Regionally, cyber attacks are estimated to have cost Asia Pacific businesses $81 billion in the past 12 months.
In New Zealand, however, only 26% of respondents surveyed see cyber attacks as a threat in their sector. That’s despite the Australian Cyber Security Centre recently raising concerns about the level of attacks being seen there.
Hamish Bowen, Grant Thornton New Zealand partner, operational advisory, says high profile security breaches are becoming more common and without a comprehensive strategy to prevent digital crime, businesses 'are really putting themselves in the firing line'.
"And it's not just financial risks that businesses need to be worried about, there can be a high price to pay in terms of reputational damage as well - just look at Ashley Madison and Sony," Bowen says.
He says says IT privacy and security should be at the top of the agenda for all organisations.
"It's no longer a question of if your business will come under attack, but when," Bowen adds.
New Zealand’s National Cyber Security Centre (NCSC) saw an increase of more than 60% in reported incidents in 2013.
"The NCSC's 2014 and 2015 incident reports haven't been released yet, but I'm sure we'll see an increase in that figure for the past two years based on what's happening in the current environment," Bowen says.
Paul Jacobs, Grant Thornton global leader of cyber security, says businesses cannot afford to be behind the curve.
"Cyber attacks can strike without warning and sometimes without the victim being immediately aware. The pressure from customers and clients cannot be ignored," Jacobs says.
"In this digital age, rigorous security and privacy is expected. If this cannot be guaranteed, the ultimate risk is they will simply go elsewhere."
The global figures show the average cyber attack is costing businesses 1.2% of revenues.