Cyber Security
 | 2 min read

How does your cyber security stack up against other Kiwi businesses?

By  Aura Information Security,
 3 December 2017

Blog image #5.png

Earlier this year, we began surveying over 220 business IT decision makers from organisations across New Zealand (with 20+ employees) about their cyber security posture.

The results are in and they show that Kiwi businesses are taking cyber security more seriously as the number of cyber-attacks continues to rise. However, there are still some areas where improvement is needed. 

  • Over half of New Zealand businesses now acknowledge their risk of falling victim to cyber-crime. 
  • 46% have been targeted by ransomware, malware or phishing attempts in the last 12 months.
  • 1 in 4 were impacted by the recent NotPetya and WannaCry attacks and many more were prompted to update their cyber security policies.


Areas to improve

These high-profile attacks may have spurred action by companies to secure their valuable assets, but cyber security is made up of many different parts, covering people, process and technology.



Your staff are your biggest weakness with over 90% of cyber-attacks starting with employees click on unsafe links in phishing emails.

Although 75% of respondents were confident that their staff understand cyber security best practice, over 30% do not carry out employee training or awareness programmes. 


Testing your defences

Only half of the businesses surveyed carry out regular penetration tests of web-facing applications.

In a previous blog, we talked about the importance of putting your defences to the test by simulating a cyber-attack. This form of testing is called a Red Team attack and its purpose is to provide an organisation with a complete ‘warts and all’ look at its security posture. 

With only half of businesses currently undertaking penetration testing, there is still a significant number who aren’t assessing whether their security could withstand an attack.

And in the event of a data breach, interruption to services or malware attack, one third do not have a cyber-incident response plan in place and over 40% don’t have cyber insurance in place.

To see the full results of our survey, download the report here. 

To find out more about how you can put your business’ defences to the ultimate test, download our Introduction to Red Teaming guide.

Download the Guide