New Zealand is one of Asia Pacific’s ‘Cyber Five’ for the most vulnerable countries to cyber attacks despite increased cyber resilience capabilities and strategies to deal with them.
That is what a new paper from Delta Insurance claims, citing the Global Cybersecurity Index that puts New Zealand in 19th place for its commitment to cybersecurity.
The ‘Cyber Five’ includes New Zealand, Australia, South Korea, Japan and Singapore – countries that are apparently at risk of attacks more than any other Asian economy.
“New Zealand’s global information footprint is on the rise and our increased dependencies on globally connected Internet infrastructure will only draw New Zealand further into the cyber risk landscape,” the report says.
According to Delta co-founder Ian Pollard, the research reveals deep vulnerabilities in New Zealand businesses.
“A cyber risk can arise despite a business’s best efforts to avoid it, and it is vital to mitigate those risks,” he says
New Zealand is also falling behind international standards in terms of legislation. Delta says that breach notification laws are present in other countries, but there is no compulsory data breach notification law yet.
“Following the EU’s and Australia’s lead, a variety of New Zealand proposals have been recommended, both preventative and responsive measures to protect those involved in an attack. The proposed New Zealand legislation will require mandatory training for employees, ensuring their cybersecurity education is sufficient in providing protection for their organisation.”
Combined with the under-reporting of cyber attacks both in New Zealand and across the globe, there is now a perception that a cyber attack victim is punished by publicity, rather than the perpetrator.
Delta found that firms fear negative publicity, legal repercussions and the cost of notifications.
However major threats such as ransomware, Distributed Denial of Service (DDoS) attacks and state-backed cyber warfare continue to cause problems.
While cyber warfare may traditionally be associated with nation-states such as North Korea, New Zealand is still vulnerable and ‘will be affected in more ways than one’ – but the report does not hint at what those ways could be.
Phishing and whaling attacks are continuing to grow. Both may be remedied through education and awareness, but Delta believes technical security controls are necessary.
“The advancements of social engineering have made whaling extremely popular, particularly due to the high returns attackers have been receiving14 compared with the level of technical input,” the report says.
Emerging risks based on technologies such as artificial intelligence and the Internet of Things continue to grow, the company says.
“Experts are warning that the rise of AI will be used by criminals against companies to conduct cyberattacks. With AI, the targeting, payload selection, weaponising, delivery and execution, could in theory, be automated42. Human hackers often get caught because they get spooked, overconfident, frustrated or leave traces that give them away. It is likely that AI-enabled tools would not make the same mistakes – if they did, they would learn very quickly from these mistakes.”
Perhaps with something of a vested interest in the space Delta believes that New Zealand’s total cyber insurance market has potential to reach $100 million by 2025.