Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

Blasé Attitude To Cybersecurity By Business A National Risk

The largely unregulated state of cybersecurity in New Zealand, and the consequential ambivalence of most local businesses, risk hurting the country's global trading prospects.

Author of the book 'She'll Be Right (Not!) – a cybersecurity guide for Kiwi business owners – SMB cybersecurity expert Daniel Watson, said that apart from the Privacy Act, there is very little in the way of IT security regulation in New Zealand. However, overseas markets like the United States and Europe have implemented strict legislation to protect the public and businesses from international cybercriminals.

"Anybody can call themselves a cybersecurity expert in New Zealand, and many do, but selling anti-virus software isn't even the tip of the iceberg when it comes to protecting your data, assets and intellectual property.

"Critical security controls, anti-malware, security awareness, good practise authentication protocols and processes to manage unintentional data breaches are a whole other level of control that most New Zealand SMEs, in particular, just do not have."

Watson, who at a local level helps companies comply with the European Union's GDPR legislation and NIST in the United States—among others—said international companies are increasingly demanding that local companies show compliance with relevant international standards.

"Not only do they expect you to be compliant with standards like the GDPR, but they also expect you to be able to prove it, and I fear that many New Zealand companies because there is no local pressure, will be caught with their pants down.

Advertisement - scroll to continue reading

"It isn't hard. Globally there are standards like ISO27001 which will help ensure that New Zealand companies will comply with most if not all overseas cybersecurity regulations and a growing set of cybersecurity insurance compliance demands—ISO is holistic and neutral."

When faced with demands for greater compliance from their insurer, Watson said one local company abandoned cybersecurity insurance altogether.

"Which is just nuts when you consider that cyber-attacks increased 31% in 2020-2021 alone and is expected to cost the world more than $10.5 trillion by 2025."

Watson urged local New Zealand businesses to take the following steps to protect their client data, their business and their markets:

1. Top-down

IT security must become a top-down responsibility. The board, the chairman of the board, CEOs and owner-managers, should take personal responsibility for their cybersecurity rather than outsourcing or delegating responsibility.

2. Cybersecurity Insurance

Ensure your company has cybersecurity insurance to protect against attack and ensure some compliance.

3. Adopt ISO27001

The lack of proper cybersecurity legislation in New Zealand can be addressed by adopting ISO27001 because it is agnostic and recognised globally.

"We need the Government to begin taking property oversight of this issue, and better communicate around the grave risk that cybercrime presents to the New Zealand public and local businesses," Watson said.

For more information visit: https://www.linkedin.com/in/daniel-watson-smb-cybersecurity-expert-07424b12/

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.