Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

NZ lags behind global counterparts in managing security

New Zealand organisations lag behind global counterparts in managing security and privacy risk

New Zealand organisations are trailing behind their global counterparts in managing their security and privacy risk, according to findings from The Global State of Information Security® Survey 2015 by PwC, in conjunction with CIO and CSO magazines.

PwC Partner and Cyber Practice Leader Adrian van Hest says, “New Zealand organisations were above average in developing a cyber security strategy, however poorer when it comes to executing it, particularly the supporting elements such as standards, policies, classification of data and tools such as identity management, activity monitoring, risk management tools and encryption.

“So while senior executives in New Zealand organisations seem to be taking cyber security and privacy seriously by assigning ownership and responsibility for this within their organisations, we’re behind other countries in a number of key areas. For example, when it comes to privacy, we’re at odds with global practices such as requiring employees to complete training on privacy policy, formally acknowledging compliance and imposing disciplinary measures for violations. We’re also lagging behind in using big data analytics to measure the risk and impact related to information security.

“These risks are exposing organisations to financial, regulatory, brand and productivity impacts and we’re encouraging them to address these. Cyber risks will never be completely eliminated, so organisations must understand that the perpetual and ever changing nature of threat, demands a fairly dynamic and proactive approach.”

Findings show that the number of detected incidents leapt 48%, to 42.8 million, the equivalent of 117,339 attacks per day in 2013 and this increase comes at great cost with total financial losses attributed to security compromises increasing 34% over 2013. Detected security incidents have increased 66 percent year-over-year since 2009, the survey data indicates.

“It’s come as no surprise that the rising incidents and associated financial impacts continue to increase,” says Mr van Hest. “The scale of the breaches is much larger and their impact extends to C-suite and the boardroom, with insider incidents and high-profile crimes on the rise.”

Globally, big losses have been more common this year as organisations reporting financial hits in excess of US$20 million nearly doubled. Despite greater levels of concern, the survey found that global information security budgets actually decreased 4 percent compared with 2013. Security spending as a percentage of IT budget has remained stalled at 4 percent or less for the past five years.

“New Zealand organisations are bucking this trend however and 67% plan to spend more on their security budgets in the next 12 months. Hopefully this means the increased level of activity in ownership of the issues and a strategic approach is now translating into investment and action.

“Organisations will need to identify and invest in cyber security practices that are most relevant to today’s advanced attacks. It’s important that their processes are fully integrated for predictive, preventive, detective and incident-response capabilities to minimise the likelihood and impact of incidents.

Meanwhile, high profile attacks by nation-states, organised crime and competitors are among the least frequent incidents, yet the fastest-growing cyber threats. This year, respondents who reported a cyber-attack by nation-states increased 86 percent – and those incidents are also most likely under-reported. The survey also found a striking 64 percent increase in security incidents attributed to competitors, some of whom may be backed by nation-states.

Effective security awareness requires top-down commitment and communication, a tactic that the survey finds is often lacking across organisations.

“It is vitally important for companies to focus on rapid detection of security intrusions and to have an effective, timely response. Given our interconnected business ecosystem, it is equally as important to establish policies and processes regarding third parties. Larger organisations need to be particularly wary as they’re more likely to be targets since they offer more valuable information and their size and complexity make attacks less likely to be detected.

“Organisations must change from focusing on prevention and controls for security, to an information-centric and risk-based approach that uses controls to enable the business Information is a powerful business asset and the right approach to security and privacy will empower organisations to maximise its potential,” concludes Mr van Hest.

- ends –

© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 


Stats: Auckland’s Population Falls For The First Time
In the wake of the COVID-19 pandemic, New Zealand’s population growth slowed down with Auckland recording a population decline for the first time ever, Stats NZ said today. “New Zealand saw slowing population growth in all regions... More>>



BusinessNZ: Third Snapshot Report Reveals $9.5 Billion Business Investment In Climate Action

Signatories to the Climate Leaders Coalition have committed to invest $9.5 billion over the next five years to reduce emissions from their businesses, as revealed in their third anniversary snapshot report released today... More>>

Digitl: The home printer market is broken
Printers are more of a security blanket that a serious aid to productivity. Yet for many people they are not optional.
Even if you don’t feel the urge to squirt ink onto dead trees in order to express yourself, others will insist on printed documents... More>>


Retail NZ: Some Good News In COVID Announcements, But Firm Dates Needed

Retail NZ is welcoming news that the Government is increasing financial support for businesses in light of the ongoing COVID-19 lockdown, and that retail will be able to open at all stages of the new “Covid Protection Framework... More>>

ComCom: Companies In Hot Water For Selling Unsafe Hot Water Bottles And Toys

A wholesaler and a retailer have been fined a total of $140,000 under the Fair Trading Act for selling hot water bottles and toys that did not comply with mandatory safety requirements. Paramount Merchandise Company Limited (Paramount) was fined $104,000 after pleading guilty in the Manukau District Court... More>>



Reserve Bank: Robust Balance Sheets Yield Faster Economic Recovery

Stronger balance sheets for households, businesses, financial institutions and the government going into the pandemic contributed towards maintaining a sound financial system and yielding a faster economic recovery than following previous deep recessions... More>>