Why small businesses are crucial to Aotearoa’s overall cyber resilience
While we often associate cyber security with large corporations and government agencies, the reality is, your local cafe, your favourite boutique, that tradie you hired last week, and even your business all play a crucial role in keeping Aotearoa safe online.
Small and medium enterprises (SMEs) are often referred to as the ‘backbone of Aotearoa's economy’, making up about 97% of businesses and employing around 30% of the workforce. But with that massive presence also comes responsibility. A cyber attack on one SME can create a domino effect, impacting supply chains, customer trust, and the broader economic environment.
Large outages and breaches might be the stories that make the news, but according to the CERT NZ SME Cyber Security Behaviour Tracker 2024, approximately 43% of SMEs reported experiencing a cyber incident in the past year. The average cost of a data breach for an SME is $173k - not small change for a small business.
Here are some of the key threats:
Phishing Attacks: These scams trick employees into giving up sensitive info or downloading harmful software. The report reveals that one in five SMEs encountered phishing attempts.
Ransomware: Cybercriminals lock essential data and demand a ransom, disrupting business operations.
Data Breaches: SMEs may not have the resources to implement robust data protection measures, making them susceptible to unauthorised access. The report notes that only 39% of SMEs have an incident response plan in place.
The report describes SMEs as ‘a linchpin of cyber resilience’, and that the cyber behaviours of SMEs are central to the progression of safe cyber behaviours in Aotearoa. Cybercriminals often target smaller companies that serve larger clients, exploiting weaker security measures as a gateway to larger opportunities. Regardless of size or revenue, any business dealing with sensitive data needs to prioritise cybersecurity.
The good news is that Kiwi SMEs are taking steps to protect themselves. The CERT NZ report shows that most SMEs are updating their software regularly, using strong passwords (make it a mix of letters, numbers, and symbols), and even setting up logs to track changes in their systems.
But there is still work to be done. Businesses are largely ticking the box when it comes to basic preventative actions, however future-looking actions and an on-going mindset of vigilance is the next step. Just over half of businesses say they stay up to date with the latest online security advice and only a third have an incident response plan in place.
What’s currently standing in their way? 25% say they forget, 24% say they already feel like they’re doing enough and 30% say they don’t know what to do and how to do it.
These challenges are the reason we partnered with Onwardly, a platform that is helping to democratise security and privacy, making it more accessible, and affordable, for SMEs to proactively defend their business. We recognise that having in-house knowledge and resources to create and maintain an IT security plan isn’t always realistic for an SME. Onwardly supports our goal of improving security literacy for our customers, making security goals and actions more visible. Onwardly enables everyone, not just those with unlimited resourcing, to:
Conduct your own cyber security risk assessments
Establish an implementation plan and automate tasks
Set achievable targets, receive progress reports and improve your security resilience
Depending on the support you need from us, we’ll guide you through security decisions and assist you in prioritising next steps. Our Agile plan includes the Onwardly Starter pack, and we see that as a great way to strengthen your line of defence, identify gaps and help you maintain that on-going mindset of vigilance.
If you’re also keen to provide your staff with security and privacy awareness training our partner, SafeStack, is a great option.
If you’re conscious that your business could be doing more to stay secure, but you’re not sure where to start, get in touch and we can tell you more about our strategy and support options.