Survey highlights trends in New Zealand computer crime and security
Media release - 8 December 2010
Results from the 2010 New Zealand Computer Crime and Security Survey have been released, noting an overall reduction in
security incidents and costs per organisation.
The Survey, funded by InternetNZ (Internet New Zealand Inc), highlights a range of trends, including incidence of the
Conficker virus, the frequency and cost of cyber security breaches, security awareness and percentage of IT budgets
spent on security across a broad range of private and government organisations relating to calendar year 2009.
The Survey is conducted annually by student KJ Spike Quinn of the University of Otago Security Research Group, in
partnership with the NZ Internet Task Force, New Zealand Police and the Computer Security Institute (CSI).
The 2010 Survey results are based on the responses of 176 New Zealand computer security practitioners. Key points below:
* There has been a reduction in incident numbers and costs per organisation since 2007.
* Over 60 percent of respondents use less than five percent of their IT budget on security.
* Almost half of respondents think their organisation needs to do more to ensure 3rd party contractors’ level of IT
security qualification, training, experience and awareness.
* At 46 percent, Generic External Threat (virus/malware) was the greatest perceived security issue.
* One in four respondents had no security tools or procedures with respect to mobile device security and over half of
respondents had no USB incident protection in place.
InternetNZ Chief Executive Vikram Kumar says “the Survey fills an important gap in quantifying computer crime and
security issues in New Zealand As a longitudinal survey, it is helpful in spotting historical trends, such as an
increasing trend for New Zealand organisations to outsource their security function.
“Even though the overall trend is a reduction in security incidents and costs per organisation, there is no room for
complacency. Almost 70 percent of respondent organisations experienced some sort of security incident. Some 28 percent
experienced unauthorised use of their systems with internal threats at least as significant as external threats.
“Though theft of laptops and mobile hardware is now the most widely experienced incident, newer security incidents are
appearing, such as exploit of users social network profile and extortion/blackmail regarding threat of system attack or
for release of stolen data.”
A PDF version of the survey results, with full commentary, is available at: