Menu
Menu
Prepare for mandatory reporting of data breaches, KPMG tells SMBs

Prepare for mandatory reporting of data breaches, KPMG tells SMBs

‘As our larger corporates are entering a mature phase of protection, we are seeing attackers turn their attention to the ‘low-hanging fruit’ of exposed SME-size businesses’

New Zealand’s small to medium businesses (SMBs) are faced with three big reasons to boost their cybersecurity, warns KPMG.

As well as being a growing target for cybercriminals, KPMG says Kiwi SMBs need to prepare for future mandatory reporting of data breaches, and increased sensitivity from customers and business partners.

Philip Whitmore, the national leader of KPMG’s cybersecurity practice, says it’s becoming increasingly critical that smaller businesses develop resilient defences to cybercrime.

Increasingly, customers and business partners are asking SMEs questions about the cybersecurity controls they have implemented, to ensure that their information is protected

Philip Whitmore, KPMG NZ

“As our larger corporates are entering a mature phase of protection, we are seeing attackers turn their attention to the ‘low-hanging fruit’ of exposed SME-size businesses,” says Whitmore, in a statement.

Whitmore says New Zealand is particularly attractive to offshore cybercriminals – given both our high proportion of small businesses, and the fact we’re seen as a “soft target” among developed nations for phishing attacks.

He says the 2016 Norton Cyber Security Insights Report identified that 70 per cent of New Zealand SMEs had been subject to phishing attacks, which is the most common method used to breach an organisation’s perimeter. Almost half (47 per cent) had also been subject to other types of hacking attacks.

In response to these growing threats, KPMG New Zealandvhas launched a cybersecurity service tailored to the needs and resources of smaller and medium-sized businesses, says Whitmore.

“Many smaller businesses think they are covered by their antivirus software, or that their IT provider will protect them; but in reality, that’s wishful thinking,” he adds.

“Good security is not just an IT issue; it’s a business issue. Every business owner should have oversight across it.”

Another issue is that New Zealand is likely to follow Australia’s lead and introduce mandatory reporting when a data breach occurs. This will have implications for New Zealand businesses of all sizes.

“If your data security is breached, you may be required by law to disclose this,” says Whitmore.

“This could have serious implications for your brand, loss of trust with your customers, and even your ability to win clients in future.”

Similarly, KPMG also warns SMEs that having robust cybersecurity is fast becoming an issue for customers, and a supply chain issue.

“Increasingly, customers and business partners are asking SMEs questions about the cybersecurity controls they have implemented, to ensure that their information is protected.

“Demonstrating that you have effective controls in place builds upon the trust you have already established, and may also provide you a competitive advantage.”

Read more: How to build an army of cybersecurity experts

“It’s important to remember that every business has something of value to cyber-criminals – whether it’s money, database information, or other intellectual property.”

Send news tips and comments to divina_paredes@idg.co.nz

Follow Divina Paredes on Twitter: @divinap

Follow CIO New Zealand on Twitter: @cio_nz

Join us on Facebook.

Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Error: Please check your email address.

Tags SMBsSMEkpmgcybersecurityPhilip Whitmore

More about FacebookKPMGNortonTwitter

Show Comments