CFOtech New Zealand - Technology news for CFOs & financial decision-makers
Story image
Kiwis call for tougher fines & greater accountability in cyber breaches
Tue, 27th Feb 2024

New research indicates that the majority of New Zealanders wish companies to do more to prevent cyber-attacks, and feel potential repercussions are insufficient. The study reveals that a significant number of Kiwis will consider switching companies after a cyber breach, reflecting the growing concern over the responsibility and accountability of businesses in protecting against these threats.

The rise in cyber-attacks worldwide continues unabated and New Zealand is not immune, as shown by recent significant data breaches at Latitude Financial, Te Whatu Ora, and Auckland Transport. A new study commissioned by Anthem and undertaken by Talbot Mills Research, disclosed public views on accountability in businesses for cyber-attacks, illuminating attitudes towards penalties, responsibility, and communication.

The research findings reveal a clear consensus amongst New Zealanders that stronger measures are required to address and counteract cyber-attacks. A majority of 60% of respondents consider New Zealand's current maximum fine of $10,000 for cyber breaches to be inadequate. Furthermore, 40% of those surveyed believe a reasonable fine for such breaches should exceed $100,000, with 23% supporting even stronger fines upwards of $500,000.

According to Misti Landtroop, Managing Director at Palo Alto Networks – the world's cybersecurity leader, New Zealanders should be looking to reward organisations for great cybersecurity best practices rather than only considering an increase in monetary punishment.

The study also highlighted the importance of effective communication in maintaining a company's reputation in the aftermath of a cyber breach. Most people (92%) deem timely and efficient communication to consumers about a cyber breach as critical to upholding a company’s standing. Furthermore, 91% believe that businesses across New Zealand should be mandated to disclose past cybersecurity breaches and detail the steps taken to address them, echoing the call for greater transparency.

Hilary Walton, Technology Strategist at Microsoft New Zealand, highlights the importance of clear communication during cyberattacks. "Organisations must be transparent with their customers about the steps they are taking to remedy cyberattacks, providing clear timelines for when updates will be released,” Walton said.

Moving away from fines, the debate around culpability for cyber breaches was also a key point raised by the survey. Most participants, 65%, believe that a company’s Board of Directors should take responsibility for the costs arising from cyber breaches occurring under their overview.

Jane Sweeney, Co-founder and Executive Chair of Anthem, underscored the critical impact on businesses' reputations and customer trust, and consequently their bottom line. “Companies should take notice. It’s not just a fine at stake, but their reputation and the trust of their customers” Sweeney warned.

In conclusion, David Talbot, Managing Director at Talbot Mills Research, said he was most surprised by how strongly New Zealanders felt about fines for cyber breaches. "As cybercriminals become increasingly sophisticated, experts say attacks are likely to increase, and our research shows New Zealanders are looking for accountability and clear communication, otherwise they will vote with their feet," Talbot said.