Book a Meeting
keyboard_backspace Back
keyboard_backspace Back
News & Insights
29 May 2025

Datacom Report: Kiwi Businesses Complacent in Cybersecurity

According to new reports by Datacom, New Zealand businesses have a significant confidence gap in cybersecurity. This complacency leaves them open to cyberattacks and threats.

In a report titled ‘State of Cybersecurity Index,’ New Zealand’s largest data company has highlighted potential vulnerabilities in its IT defences. The study surveyed over 200 security leaders and 500 employees across New Zealand and Australia.

It found that 71% of company leaders claimed their staff were aware and well prepared for cyber risks. However, only 51% of staff agreed with this statement. This indicates that employees might be unable to recognise or respond to cyber threats.

Leaders also believe they have enough resources to respond to cyberattacks. However, only 26% of New Zealand security leaders have a business continuity or resiliency plan in place in the event of a cyber incident.

Employees and senior leaders notably mentioned that their top cybersecurity concerns were AI-based attacks, phishing, and social engineering scams. 

Managing artificial intelligence and cybersecurity   

Cyberattacks using artificial intelligence are a major worry among business leaders, as is apprehension about the border risks posed by rapid AI adoption. Datacom’s Chief Information Security Officer, Collin Penman, said that Kiwi businesses must ensure measures are in place to adopt AI beneficially. 

"With AI adoption accelerating and cyber threats evolving, governance must be embedded into business and security frameworks," he said. 

“Respondents are right to be concerned. AI-powered tools have enabled cybercriminals to create highly convincing phishing emails at scale … AI-powered botnets can now also modify their own code to evade detection, propagate to other devices without human intervention, and optimise their attacks based on the security response. The advancement of deepfake technology has opened new frontiers for sophisticated social engineering attacks.” 

However, Penman also states that employees and leaders shouldn’t discount the use of AI, as it can be leveraged to protect businesses from risks.

“But I believe the pendulum is swinging back towards the light, with the potential for AI-driven cybersecurity tools to level the playing field. AI can be used to detect anomalies in network traffic, identify potential threats before they materialise, and automate incident response processes, allowing security teams to stay one step ahead of attackers. To truly harness the power of AI for cybersecurity, organisations need to invest in the right talent and infrastructure.” 

Security burnout

Security burnout was another notable issue in New Zealand, with 61% of security leaders reporting feelings of fatigue. In comparison, Australia’s figure was at 58%.

This burnout could potentially disrupt businesses in maintaining strong security measures.

“There is a real risk that businesses are operating with a false sense of security. Leaders believe their teams are ready to tackle threats, but this disconnect is leaving businesses exposed. Cybersecurity is only as strong as the organisation's weakest link, and if employees don’t have the right training or awareness, security strategies won’t hold up when they’re most needed,” says Penman. 

Why the emphasis on cybersecurity?

Data from the National Cyber Security Centre records that 7,122 cybersecurity incidents occurred in New Zealand last year. This highlights the growing challenge of cyber threats in the country.

As AI adoption grows, so does the need for better frameworks and security processes surrounding it.

Small businesses are a prime target for cyberattacks, encompassing nearly half of all cybercrimes in New Zealand. Getting attacked can result in significant financial losses, as well as reputational damage.

For example, the estimated cost of a data breach is $173,000.

Penman states that businesses must take cyber risks more seriously.

"Some organisations are getting this right, with business continuity and resilience plans in place, but they remain the exception rather than the rule," he said.

"Cyber security investment supports business continuity, growth, and trust - because preventing a breach is always better than responding to one." 

Key takeaway

Responding to cyber risks requires a proactive approach. In addition to increasing their internal IT defences, businesses should also consider mitigating cyber threats with the right insurance. This can ensure they are protected on all fronts.

Bonded NZ helps business owners remain efficient in economic uncertainties through comprehensive and tailored business insurance. Whether it's public liability or professional indemnity insurance, our cost-effective options help them secure their business at every angle. 

For more information about our services, contact our team today.

Read the full ‘State of Cybersecurity Index’ report.  

Contact US Now