The New Zealand Herald

How to waste millions

NZ companies risk disaster without adequate security protecting their digital future.

-

The good news: New Zealand businesses are putting more money and effort into digital transforma­tion projects. The bad news: They are increasing the potential for cyber-attacks.

Adrian Van Hest, partner and cyber practice leader at PwC, says New Zealand companies and organisati­ons are putting much more effort into digital innovation and future-proofing businesses.

But the vital element often forgotten or pushed into the background is a key item that can severely damage a company or even bring it crashing down – cybersecur­ity: “There’s more spending going on but the number and cost of cyberincid­ents is also increasing, so companies have to be sure they are spending their significan­t budgets on the right things,” he says.

The latest example of cybercrime has affected Christchur­chbased Cryptopia, the cryptocurr­ency exchange that has lost somewhere between $16m to $23 million to hackers, according to various reports; police have been investigat­ing.

But in spite of examples like this and many other real-life ‘scare’ stories, Van Hest says too few New Zealand companies are taking adequate prevention measures.

Take the example of the Internet of Things (IoT), the global network linking all manner of devices and data creating a vast mass of informatio­n potentiall­y invaluable to many (or even all) businesses.

PwC’s 2019 Digital Trust Insights report says that 81 per cent of New Zealand businesses say the IoT is critical to their future success. However, only 29 per cent are building in digital controls to ensure this rich source of data is protected from hackers. Worse, only 16 per cent are planning on investing in security.

“You can imagine the scenario where an entreprene­ur or an innovative company is focusing on realising the opportunit­y – and let’s face it, collecting and mining this data is a huge, complex task,” says Van Hest. “They are thinking only, ‘will it work?’ or ‘will I find customers?’

“But at the end of it all, all that hard work and innovative thinking can be totally undone by a cyber breach. You can see how a company can lose that trust if customers say, ‘I trusted you and you installed this electronic gear in my home and there was a breach – and now I don’t trust you.”

Just google a phrases like “the survival rate of small companies surviving a cyber attack”, he says, and there are many examples. The usual global rule of thumb is that 60 per cent of small to medium enterprise­s close down about six months after a cyberattac­k. Trust has gone.

The trend to cloud-based businesses and the everincrea­sing functional­ity of mobile phones enhances the risk – “with any opportunit­y comes risk” – and it is human nature to plough ahead and develop an idea without adequately covering factors that might stand in your way.

“I understand the problem – cyber-security is a whole new domain; you kind of have to invent the cart before you hitch it to the horse. Maybe a better way of saying it is that it like asking a CFO to assess the finances of a company before accounting has been invented…

“But it is vital and there are ways to achieve that protection.”

However, the PwC Digital Trust Insights report showed that only 25 per cent were including proactive risk management “fully from the start” in digital transforma­tion projects while only 16 per cent of New Zealand business leaders were comfortabl­e that the projects pitched to the board of their company covered all the necessary ground.

Building in cybersecur­ity from the start was the cheapest and most effective way, he says, yet three-quarters were only introducin­g security during or at the end of the process

– a practice that often obstructed or damaged the user experience of the project they had spent millions of dollars developing.

Pitching such projects to the board of the company concerned often involved highly technical challenges and language and PwC could help untangle and de-mystify such projects so boards could answer three essential questions: do we understand the risk; is it managed appropriat­ely and how can we prove it?

New Zealand also lags behind other countries in data security, privacy measures and testing resistance to cyber-attacks. Only 20 per cent have a comprehens­ive programme to address that, compared to 40 per cent in the US. Only 18 per cent have tested resistance, compared to 34 per cent in the US.

Van Hest says businesses should be asking themselves:

Does your business include cyber and privacy management in their digital transforma­tion “fully from the start”?

Are you comfortabl­e your company provides the board with adequate reporting on metrics for cyber and privacy risk management?

Is the Internet of Things (IoT) critical to at least some of your business, do you have confidence in your digital controls and are you investing in keeping it secure?

“With the continuing rise of cybercrime, we identify vulnerabil­ities so companies can protect themselves more effectivel­y and emerge stronger.”

“There’s more spending going on but the number and cost of cyber-incidents is also increasing” Adrian Van Hest

 ??  ??
 ??  ?? Adrian Van Hest, partner and cyber practice leader at PwC
Adrian Van Hest, partner and cyber practice leader at PwC

Newspapers in English

Newspapers from New Zealand