Research has found New Zealand businesses are lagging behind the rest of the world when it comes to protecting themselves from cyber attacks.
The report from the business consultancy Price Waterhouse Coopers finds organisations are struggling to fully grasp the range and scale of the threat.
PwC Cyber Practice Leader Adrian van Hest said New Zealanders' 'she'll be right' attitude meant they were leaving themselves open to the risk of cyber-attacks.
"It's heartening to see the change in perceptions among businesses in their approach to cyber security," said Mr van Hest.
"However, leaders are struggling to fully grasp the breadth of cyber risks their organisations face and the value of the data they are gathering, let alone translating awareness into action. Companies that are making this transition to a digital operating model have to make cyber security central to their transformation efforts."
He said New Zealand organisations were over-reliant on basic penetration tests, with 63 percent employing them as their primary control, despite more attacks originating from insiders and business partners.
He said cyber attacks were becoming more complex on a daily basis.
The first part of the Global State of Information Security Survey said while New Zealand companies were leading the world in cloud adoption, they were not making the corresponding investment in managing their cyber risk.
Compared to the rest of the world, businesses are lagging in the amount of spending they are directing towards cyber security.
These efforts are focused more towards basic measures like penetration tests, at the expense of those that are more likely to address the insider and partner issue, such as comprehensive identity management systems and tighter control over administrator privileges.
The uptake of managed security services, for example, is almost half that of Australia - 44 percent compared to 78 percent.