Skip to content

Low cybersecurity preparedness leaves SMEs vulnerable

New research shows most local small and medium-sized enterprises (SMEs) have no plans in place in the event of a cybersecurity incident, and a significant number say they are unconcerned about cyber threats - despite the potential for serious impacts on business operations. 

MYOB’s 2024 Business Monitor - a nationwide survey of 1000+ SME owners and decision-makers - reveals that more than half (57%) of New Zealand’s SMEs do not have processes in place to manage a cybersecurity breach. Just 38% of business owners and operators surveyed said they have established procedures for dealing with a cyber incident, while 6% of those surveyed were unsure of their processes. 

However, the findings highlighted that cyber preparedness increases with business size. Fifty-seven percent of businesses with 20+ employees reported having processes in place to handle a breach, compared to 35% of those with 1-5 employees, and 47% of those with 6-19 employees. 

While nearly half (49%) of SME owners and decision-makers said they are concerned about the cybersecurity of their business, 47% are either not at all or not very concerned about their cyber preparedness levels, but Peter Wolski – General Manager of Reliability and Security at MYOB, explains that they should be.  

“Many SMEs mistakenly believe they are too small or inconsequential to appeal to cyber criminals, however this is often not the case,” says Peter. 

“This thinking can leave these businesses exposed as easy targets for malicious activity and the consequences of cyber breaches can be severe for all involved, including business owners, their employees, and their customers.” 

More than a quarter (28%) of SME leaders surveyed in MYOB’s Business Monitor said they have been targeted by malicious activity such as malware, online scams, hacks, phishing, or ransomware.  

Peter says that it’s crucial business owners explore and understand how to keep safe online, and set up robust cybersecurity practices to protect them in case of a breach. 

“While it can be tough to step away from day-to-day business tasks, setting aside time now to assess your business’ key assets and apply the National Cyber Security Centre’s (NCSC) recommended protections such as software updates, multi-factor authentication and backups, will ensure business owners and their teams are protected and ready to respond if or when an incident happens. 

“In high-stress situations, plans allow everyone to think clearly and work through the necessary steps, starting with reporting malicious activity to the NCSC’s CERT NZ.” 

Once business owners have processes in place, Peter explains that the next step is initiating a proactive, always-on approach, testing and identifying any weaknesses before they manifest.  

“Ensuring your business’ cybersecurity is solid and resilient is a never-ending process – unfortunately there’s no finish line as cyber criminals adapt and technology evolves at a rapid pace. With cybersecurity, prevention is always more effective than treatment,” he adds. 

“If getting up-to-speed feels overwhelming, prioritise any specific business needs and implement the most pressing changes first. Another good way to kick off the process is by accessing the support available through the NCSC’s Own your Online website. This hub offers a range of resources to help SME owners keep their business safe in the digital world, including an online security assessment tool to prepare a customised action plan.” 

For those keen to improve their cyber readiness, Peter shares a few key areas SME leaders can focus on to increase their level of protection: 

  • Keep software updated on all devices  

  • Adopt multi-factor authentication (MFA) and use passphrases 

  • Set up automatic data back-ups  

“Ongoing education for both business owners and employees is a key component of proactive cybersecurity. Everyone in the team should know how to protect themselves and identify red flags such as potential scams or online phishing.  

“Maintaining good cyber safety is everyone’s responsibility, and a unified, vigilant approach is your best defence,” Peter adds.  

ENDS

For more information, please contact:

Rosie Miller

NZ PR Specialist

E: rosie.miller@myob.com

About the Annual MYOB Business Monitor:   

Running since 2009, The Annual MYOB Business Monitor is a national survey of 1,000+ New Zealand small and medium business owners, managers and directors, from sole traders to mid-sized companies, representing the major industry sectors. The Monitor researches business performance and attitudes in areas such as profitability, cashflow, pipeline of work, technology usage and the government.     

The 2024 MYOB Business Monitor survey was conducted by the Online Research Unit – a division of Kantar. The survey comprised a national sample of 1041 New Zealand business owners, managers and directors (operators) and was conducted from January 26th – March 8th 2024. All data has been weighted by industry type, location and number of employees, which are in line with Statistics New Zealand (New Zealand Business Demography Statistics: At February 2023: ISSN 1174-1988). The margin of error for the total sample is + 3.1%.