Businesses facing greater online threats
Over half of New Zealand businesses have experienced an online threat over a six-month period.
If your business has faced an online attack, you’re not alone – over half of businesses have faced an online threat this year, according to new research by the National Cyber Security Centre (NCSC).
Read the SME cyber security behaviour tracker 2025 - NCSC (external link)
“This year, 53% of New Zealand’s small to medium businesses told us they experienced an online threat in the past six months, significantly higher than the 36% reported in last year’s survey,” says Mike Jagusch, Director Mission Enablement, NCSC.
“With online threats increasing in frequency and sophistication globally, New Zealand’s businesses need to anticipate a cyber security attack and plan accordingly to lessen the threat and be ready to respond.”
However, while 94% of small businesses recognise that online security is important, many believe they are already doing enough to be cyber secure.
“This perception by some businesses that they are already doing enough is preventing them from implementing some of the most important cyber security practices such as using two-factor authentication (2FA) and regularly backing up their data and files,” says Mr Jagusch.
“2FA is a simple and effective way of adding an extra layer of protection to online accounts that can often prevent the majority online attacks.
“Of the businesses surveyed that experienced a cyber attack, over 50% of these attacks caused at least some impact on the business.
“These include financial loss, time wasted, impact to business operations and productivity, damaged reputation with customers or suppliers, or access to sensitive business information or businesses accounts,” Mr Jagusch says.
If you run a business and are not sure how to go about managing your online security, you can complete a short online assessment and get a customised plan that works for you, or watch our free, short Business Online Security Series which takes you through how to implement the basic online security measures.