A global cyber security firm says New Zealand companies and organisations are underprepared and overconfident and need to narrow their focus to combat cyber threats.
Cisco's second annual Cybersecurity Readiness Index indicates cyber threats were much bigger than ransomware and phishing, with criminals increasingly exploiting vulnerabilities in older, common software applications.
The threat extended to such things as credential stuffing (using stolen username and passwords to gain access to a service), supply chain attacks, social engineering (conning victims) and cryptojacking (fraudulently using computer power to mine cryptocurrency).
The report says advancements in artificial intelligence (AI) and the mainstream availability of capabilities like generative AI were further empowering malicious criminals to deploy more sophisticated targeted attacks, but was also providing smarter, defensive tools.
"When we look at AI as an adversary, we also have to acknowledge that AI has absolutely become a tool in our pocket to defend," Cisco director of cyber security for Australia and New Zealand Corien Vermaak said.
However, the study found organisations were struggling to respond to the increasing risks with overly complex security software and 85 percent reported having a shortage of skilled people to address the risks.
"But what is more alarming to me is 42 percent of organisations reported they have in excess of 10 vacant positions at the moment," Vermaak said.
"So we don't have enough people and we've got new adversaries which leave us really exposed."
Vermaak said New Zealand organisations could improve their readiness by focusing on the greatest risks and reducing the number of tools they are using.
"The report shows 84 percent of companies cited remote login as their highest risk factor. So the fact that people can login from home and from the coffee shop has become a major concern."
Focusing on the point of login, including who, where, when and with what device, would help reduce threats as well as the number of skilled people required to manage those risks, she said.
"Currently, 27 percent of the respondents said that they have more than 30 cyber security tools -- 72 percent said they have more than 10. We don't have enough people to look at 30 tools."
She said more effective tools were available to respond to the increasing risks posed by AI.
"And the tools have the capability these days to do more."
New Zealand organisations needed to do work smarter, to catch-up with the global average, she said.
The report said New Zealand organisations underperformed the global average in identity intelligence, network resilience, machine trustworthiness, cloud reinforcement and AI fortication.
When assessing global cybersecurity readiness Cisco rated 3 percent of global respondent organisations as mature, with nearly three-quarters (71 percent) in the bottom two categories of formative (60 percent) and beginner (11 percent).
However, just 2 percent of New Zealand organisations got a mature rating, with 20 percent considered progressive, formative (53 percent) and a quarter were rated as beginners (25 percent).