Date posted: 03/11/2021 5 min read

NZ accounting businesses prime targets for cyber attacks

NZ professional services firms have become high-value targets for cyber criminals. Brought to you by Crombie Lockwood.

As reported by CERT NZ, cyber crime incidents with direct financial loss increased 7% in the first quarter of 2021 from the fourth quarter of 2020, while unauthorised access reports increased by 18%.

Philip Whitmore, leader of KPMG New Zealand’s Cyber Security and Technology Risk practices, says many Kiwi businesses still believe it can’t happen to them.

“New Zealand has a very low level of maturity when it comes to cyber security compared with other countries, and we’re often seen as a soft target as a consequence,” he says.

“We’re not improving generally at the pace at which the threat is growing. It is an uphill battle, and there’s no let-up ahead.”

“We’re not improving generally at the pace at which the threat is growing. It is an uphill battle, and there’s no let-up ahead.”
Philip Whitmore, KPMG New Zealand

According to the CERT NZ report, the most common form of infiltration in New Zealand is phishing. But ransomware attacks are also an issue. These can come indirectly, as they did in July this year when US software firm Kaseya was attacked and customers who used its tools suffered. In New Zealand, some schools and kindergartens were knocked offline, but of the up to 1500 global businesses affected, most were “dentists’ offices or accountants”, according to a Reuters report.

Attacks can also come directly. Last year, Australian consulting and accounting firm Nexia was hit by REvil ransomware. The attackers demanded AU$1 million be paid in three days. While the most the attackers got was screenshots of empty folders, it nevertheless became a “public-relations nightmare” that panicked clients, according to a report by The Australian.

“Demands in the past from ransomware attacks have been relatively small, but figures that are being demanded are much bigger now. Increasingly, over NZ$1 million,” says Whitmore.

Cyber incidents between January and March of this year resulted in a total of NZ$3 million in direct financial losses, according to the CERT NZ report. However, ransom payments or stolen funds are not the whole story. Responding to a cyber attack incurs many costs, including hiring experts and potential legal fees associated with liability claims.

It’s here where cyber insurance demonstrates its value. It covers all the associated costs of an incident (up to the policy’s limit) not just the initial IT response. That’s why finding a proportionate policy for your business is crucial – each business has a different risk profile.

Professional services particularly vulnerable

Whitmore warns that everyone has something of value, but accountants and their employees are under increasing attack because they often have access to money, either being held in trust or through managing the finances of other organisations. Cyber criminals also target information considered sensitive or confidential, including health care, financial, and intellectual property. If Whitmore has a message to New Zealand professional service firms, it’s that the sooner you’re prepared, the better.

“What we’re seeing now is escalating, and it will continue to escalate,” he says.

Crombie Lockwood can help. With 40 years of local insurance expertise, Crombie Lockwood can help arrange cyber insurance to help your business recover after a cyber attack.

Find out more:

Crombie Lockwood is the New Zealand General Insurance Partner of the CA ANZ Member Benefits Program. For information visit accountants or call 0800 435 568.