Small businesses unprepared for cyber threats

While many New Zealand SMEs acknowledge that cyber security is critical, less than half (48%) are prepared for a cyber incident, according to the latest research by the National Cyber Security Centre.  The September 2024 study* highlighted there is a significant gap in SMEs’ cybersecurity preparedness, with many only acting when targeted by a cyberattack.

Gallagher cyber insurance specialist Callum Hyde says that business vulnerability to cybersecurity issues was recently highlighted by the CrowdStrike outage in July, which caused the crash of around 8.65 million computers around the world.

“Many people and businesses who did not use CrowdStrike themselves, but rely on third parties who do, were caught up the widespread disruption. The CrowdStrike Windows outage emphasised the business risks posed by a heavy reliance on technology, particularly on third-party service providers. Cybercriminals target supply chains to reach as many victims as possible in a single hit. If a third party hasn’t implemented the right cyber security measures, they could put customers at serious risk.”

Callum notes that while the CrowdStrike outage was not malicious, it highlights the growing interconnectedness of businesses today. Cybercriminals are constantly evolving their tactics to exploit these increasingly complex networks and if there is a weakness in a digital supply chain, a hacker is likely to find it. Given the complexity and scale of most supply chains, it’s often challenging for businesses to ensure their cybersecurity measures are fully adequate.

“Whether the cause is a cyberattack or a network outage, these incidents tend to be highly disruptive and costly for a business. Organisations often underestimate the potential costs of a cyber incident, assuming the costs would encompass a short-term office closure. However, they may not account for other expenses such as data and recovery charges, fines and penalties and reputational and crisis management costs.”

How to strengthen your digital supply chain

Callum recommends businesses should adopt an integrated approach to reducing cyber security risk, working closely with vendors to identify potential supply chain weaknesses and ensuring appropriate cybersecurity measures are in place.

“Implementing security measures such as multi-factor authentication, encryption, firewalls and an endpoint detection and response solution, combined with regular monitoring and system updates, will further strengthen your defences against cyber incidents.”   

How Gallagher can help

As cyber insurance experts, Gallagher brokers work with you to understand and manage your exposure to cyber risks and arrange the appropriate cyber cover. It is also important to regularly review business risks with your broker to ensure ongoing protection from increasingly active and sophisticated cyber criminals.

“By implementing preventative measures, organisations can more effectively protect themselves against the increasing risk of cyber events,” emphasises Callum.

*National Cyber Security Centre (NCSC) 2024 SME Behaviour Tracker