
 Source: Bench PR

Only 5% can correctly identify which emails and SMS are legitimate or scams

Less than half know the steps to take following a data breach

8 March 2023 – KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced new research which has found New Zealand IT decision-makers are underprepared regarding risks to the business from phishing and BEC (Business Email Compromise – also known as CEO Fraud). Surprisingly, only a third (32 percent) of Kiwi IT decision-makers say they are concerned about phishing as a risk to their organisation, while even fewer are concerned about BEC (27 percent).

When asked to determine whether example emails and SMS were real or fake, only five percent of Kiwi IT decision-makers were able to correctly identify them all. In addition, a quarter (25 percent) of Kiwi IT decision-makers use their work phones for personal activity (7 percent higher than indicated by office workers) and 23 percent use their work email address for personal activity.

Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, is concerned: “When those charged with keeping a business secure are unaware of the risks and unable to identify scam emails and SMS messages, their organisations are at significant risk. According to Consumer Protection NZ, Kiwis lost a combined total of $183.5 million to scams in 2022 (up a massive 40 percent on the previous year). If those in charge of security are unaware of best practices, then they cannot educate and train employees.

“When employees are using their work email address for personal activities such as online shopping, they are much more likely to fall victim to a phishing attack that uses a hook such as delivery delays to entice the victim to click through. Having a clear separation between work and personal activities makes it much easier to spot when an email is a scam – if you know you never shop online using your work email address, then you know that email from Amazon cannot be real.”

Data breach protocol

Alarmingly, only four in ten (40 percent) IT decision-makers say they are confident they would know the steps they would need to take following a cyber incident or data breach in their organisation.

Furthermore, just four in ten Kiwi IT decision-makers believe the employees in their organisations understand the business impact of falling victim to a cyber attack (42 percent), are confident their employees can identify phishing and BEC emails (36 percent) and are confident that their employees report all emails they believe to be suspicious (36 percent).

Security investment

Nearly three quarters (73 percent) of Kiwi IT decision-makers say they plan on investing in/spending money towards cybersecurity in 2023.

Those who plan on investing in/spending money towards cybersecurity in 2023 are most likely to be investing in/spending money on new cybersecurity software solutions (58 percent), followed by a cybersecurity awareness training program with ongoing and relevant content (55 percent).

Other areas of investment include cybersecurity insurance (49 percent), employee policy changes related to cybersecurity (44 percent), further investment in infrastructure (39 percent) and simulated phishing and social engineering for end users (36 percent).

For more information on KnowBe4, visit www.knowbe4.com.

Research methodology:

This study was conducted online between 30 November and 6 December 2022. The sample comprised 1,016 New Zealand office workers (any industry) and 218 New Zealand IT decision-makers (any industry). YouGov designed the questionnaire. Following the completion of interviewing, the office workers' data was weighted by age, gender and region to reflect the latest population estimates in New Zealand.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 56,000 organisations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defence.

MIL OSI