Published on the 07/03/2018 | Written by Jonathan Cotton
Geographic isolation doesn’t count for much in the cyber stakes - so why are we unconcerned?
A new whitepaper from Delta Insurance, The evolution of cyber threats: Embracing Cyber Risk Management, lists New Zealand among the vulnerable “Cyber Five” – countries that are nine times more vulnerable to cyberattacks than any other Asian economies. South Korea, Australia, Japan and Singapore also make the top five.
“Our geographical isolation has perhaps made us complacent in the face of relentless and invasive global cyber activity,” reads the report.
“With a cyberattack only a click of a button away, our status as an island nation at the bottom of the world provides us with no defence or security. In fact, it could be argued that our relatively lax approach to cybersecurity, compared with other developed nations, has contributed to New Zealand being recognised as one of the ‘Cyber Five’ countries that are nine times more vulnerable to cyberattacks than any other Asian economies”.
“With a cyberattack only a click of a button away, our status as an island nation at the bottom of the world provides us with no defence or security.”
And the numbers are getting big. Cybercrime is estimated to cost US$1 trillion a year, NZ$250-500 of which is lost here in New Zealand. Ransomware has increased 167 times year-on-year for the last three years and, according to one estimate, alone generates US$1 billion per year for cybercriminals.
An estimated one in five Kiwi business has been hit by some sort of cyber attack with the average bill coming in at a not-insignificant $19,000. According to the report only 6 percent of New Zealand SMEs hold cyber insurance (compared with 14 percent of Australian SMEs).
Get this: 88 percent of New Zealand companies are unaware they can even purchase insurance against a cyber incident.
The Privacy Amendment Act recently came into effect in Australia, meaning data breaches must be reported within 30 days with fines up to AU$1.7 million available for significant privacy breaches. Likewise, the EU’s General Data Protection Regulation will be put into action this May.
By all accounts, New Zealand’s lagging behind.
“The New Zealand Privacy Act 1993 has been under review since 1998. Following recent global regulatory reform, the New Zealand Privacy Commission is calling for urgent improvement to increase penalties for breaches. The Ministry of Justice is now in the process of legislative drafting, with the potential introduction of a new regime by the end of 2018.”
“Following the EU’s and Australia’s lead, a variety of New Zealand proposals have been recommended, both preventative and responsive measures to protect those involved in an attack. The proposed New Zealand legislation will require mandatory training for employees, ensuring their cybersecurity education is sufficient in providing protection for their organisation.”
Blockchain and cryptocurrency is only lightly regulated.
The Global Cybersecurity Index (GCI), a survey which measures the commitment of Member States to cybersecurity, lists New Zealand at 19th compared. Australia sits at 7th place.
But that might be about to change. As governments grow more cognisant of the damage breaches can do to individuals, a shift is being seen in regards to compensation: In the United Kingdom for example, courts have begun to acknowledge broader rights of compensation arising from circumstances where people have suffered loss of data at the hand of businesses.
“Compensatory awards have been given for direct costs of changing privacy information but also to compensate for the concern, anxiety and distress of confidential information being exposed.”
“Given electronic data is now an international commodity, New Zealand businesses need to be prepared for the potential of such claims here and abroad.”
Click here to read The evolution of cyber threats: Embracing Cyber Risk Management.