Nearly half (44%) of large New Zealand businesses suffered successful cyberattacks in the last 12 months, with 61% facing serious disruptions including extortion in one-in-five cases, according to Kordia’s 10th annual Business Cyber Security Report.
AI-empowered phishing dominates, with over 80% of emails containing undetectable AI-generated content, achieving 54% click-through rates versus 12% for traditional scams.
AI phishing exploits emotions at record speeds
Attackers use AI for hyper-personalized voice, video, and deepfake assaults preying on urgency, threats, or familiarity to prompt hasty actions like credential sharing.
Microsoft’s 2025 report notes phishing volumes up 1,200% from 2022-2025, hitting organizations every 39 seconds with daily global losses of $18 million.
Biometric flaws like unchangeable voice or face data amplify risks in evolving multi-modal attacks.
Business threats vary by size and type
Smaller firms (50-99 employees) fear phishing and ransomware extortion most; mid-sized (100-200) worry about AI misuse and insiders.
Larger entities (201+) prioritize DDoS disruptions and AI-generated threats, with half of leaders open to paying ransoms—8% already did last year.
One-third of victims took two months to recover, doubting full resilience against major hits.
Calls for tougher laws and training grow
NZ businesses demand government-backed awareness programs, harsher penalties (beyond current NZ$10k fines), and mandatory breach reporting like EU/UK/Australia models tying cyber resilience to director liability.
Priorities include employee training, detection software updates, and response coordination; 25% lack basic data security or incident plans.
Cyber insurance claims hit 17%, but premiums soar, forcing many to self-absorb costs from data loss, fines, and supply chain breaks.
Skills gap widens amid attack surge
World Economic Forum notes only 14% of orgs have adequate cyber talent, with gaps up 8% since 2024 fueling vulnerability.
Experts urge reducing risks first over relying on insurance, pausing under pressure, and verifying uncomfortable requests.
The report warns of state and criminal actors exploiting gaps in a landscape where AI blurs attack detection.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
