How many NZ businesses are leaving data vulnerable to breaches?

New study reveals some alarming figures

How many NZ businesses are leaving data vulnerable to breaches?


By Ksenia Stepanova

A new study from Thales has revealed that the cybersecurity of New Zealand’s businesses still leaves a lot to be desired, with 43% of New Zealand respondents having dealt with at least one cloud breach within the last year.

The 2021 Thales Global Cloud Security Study was commissioned as part of S&P Global Market Intelligence, and revealed that only 26% of New Zealand businesses are encrypting all of the sensitive data that they store in the cloud. It also reported that 51% of organisations leave the control of most or all of their encryption keys to service providers, rather than retaining full control themselves.

Meanwhile, 75% of New Zealand’s business leaders admitted that their company does not have a Zero Trust strategy, and 28% of those respondents said they were not actively considering one.

The survey results show that almost 75% of businesses are inadequately protected when it comes to their cloud data, and Thales ANZ director Brian Grant said that they are clearly finding the ‘increased complexity’ of the digital world difficult to deal with. He highlighted the importance of a strong cybersecurity and data protection strategy, particularly for sectors like insurance and financial services, which hold significant amounts of personal customer information on their databases.

“Organisations in Australia and New Zealand, like their counterparts across the globe, are struggling to navigate the increased complexity that comes with greater adoption of cloud-based solutions,” Grant said.

“It’s no longer ‘if’ a cyber breach occurs but ‘when’. A robust security strategy is essential to ensuring data and business operations remain secure. With nearly every business reliant on the cloud to some extent, it is vital that security teams have the ability to discover, protect, and maintain control of their data.”

The study found that cloud adoption is growing rapidly around the globe, with 57% of global respondents using two or more large cloud providers. However, almost half (46%) of respondents agreed that managing privacy and data protection in the cloud is a complicated process, and only 17% indicated that they encrypt more than 50% of their sensitive data.

The financial services sector was only marginally better than average in this respect, with 21% of firms saying they encrypt more than half of their sensitive data - a figure which still leaves a huge data protection gap.

When it comes to effective data protection strategies, Brian Grant said that companies need to ‘close the gap’ between the time where a customer enters their information, and the time that the information gets secured.

He said that external threats are only going to increase as more companies go fully digital, and so it is vital to put the right cybersecurity strategy in place that will not leave sensitive customer information vulnerable to theft.

“We keep trying to secure people, and the reality is that we’re probably never going to achieve that - that’s just the nature of how it is,” Grant said.

“But if organisations do get compromised, they need to think about how they will stop that from damaging people’s privacy, and damaging the organisations that are using that information. The only way of doing that is to embed security into the processes and the systems of the organisation itself.”

“If you go to an insurance company’s website and enter some personal information, whether that’s information related to a claim, an application for a policy, or whatever it might be - if the data is secured and anonymised right there and then, it’s less vulnerable than if you gather that data first, and then go about securing it,” he explained.

“That point between the customer entering the data and the insurer actually storing it is the period where that data is most at risk.”

“You can’t control when someone is trying to hack you, or make money off you in a digital sense, but you can control your own risk management,” Grant concluded.

“If you have your house well secured with alarms and locks, an attacker looking at your house can see that it’s well secured and move on to the next house. And if everyone does the same thing, then we will have less break-ins overall.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!