Earlier this year, we began surveying over 220 business IT decision makers from organisations across New Zealand (with 20+ employees) about their cyber security posture.
The results are in and they show that Kiwi businesses are taking cyber security more seriously as the number of cyber-attacks continues to rise. However, there are still some areas where improvement is needed.
Areas to improve
These high-profile attacks may have spurred action by companies to secure their valuable assets, but cyber security is made up of many different parts, covering people, process and technology.
People
Your staff are your biggest weakness with over 90% of cyber-attacks starting with employees click on unsafe links in phishing emails.
Although 75% of respondents were confident that their staff understand cyber security best practice, over 30% do not carry out employee training or awareness programmes.
Testing your defences
Only half of the businesses surveyed carry out regular penetration tests of web-facing applications.
In a previous blog, we talked about the importance of putting your defences to the test by simulating a cyber-attack. This form of testing is called a Red Team attack and its purpose is to provide an organisation with a complete ‘warts and all’ look at its security posture.
With only half of businesses currently undertaking penetration testing, there is still a significant number who aren’t assessing whether their security could withstand an attack.
And in the event of a data breach, interruption to services or malware attack, one third do not have a cyber-incident response plan in place and over 40% don’t have cyber insurance in place.
To see the full results of our survey, download the report here.
To find out more about how you can put your business’ defences to the ultimate test, download our Introduction to Red Teaming guide.
