60% of SME businesses go bust 6 months after a cyber-attack

The rate of cyber-attacks has increased exponentially over the last five years. Data from the New Zealand government shows financial loss from cyber-attacks increased 66% in Q1 of this year.

So, when business owners say, “I haven't been attacked in the last 10 years, why do I need cybersecurity now?” they don’t realise that businesses are now in an age of cybercrime. It’s not a question of if you get attacked. It’s a question of when.

It’s not just the money. It’s your reputation at risk

It’s not just money you lose in the immediate aftermath of a cyber-attack. Although that’s bad enough. The average cost of a cyber-attack to a business with 20 staff is $400,000. That’s why 60% of SMEs don’t recover.

But when it comes to cybercrime, losing money is just the tip of the iceberg. The reputational risk of a cyber-attack is the real killer. Clients leave you because they’re annoyed by the disruption and scared by the risk. And businesses don’t only lose customers. Your top talent won’t stick around in a leaky ship.

It’s time to take cybercrime seriously.

Cybercrime attacks in New Zealand increased 66% in Q1 of 2023.

The average cost of a cyber-attack to a business with 20 staff is $400,000.

OxygenIT have looked after our IT services for the past 12 years. The fast response and personalised approach is great, they understand us as a business, and we can’t recommend OxygenIT’s services enough.

Gary Sheridan, Philip Wareing Group Limited

If you’ve data to protect, cybersecurity is essential

Protect your intellectual property. Whether you work in finance, law, IT or the creative industries, if you handle valuable data, you need to keep that data safe.

Protect yourself from business interruption after a cyber-attack. What if your whole team were offline, unable to work or correspond with your clients? Imagine the impact financially as well as the huge reputational cost.

Protect your reputation. What happens if you send malware out to your customers? Do you have the PR and legal expertise to recover from that situation? What about the financial resource to settle any customer claims?

Our cybersecurity first approach

Step 1: Cybersecurity audit

If somebody in your business clicks a link in an infected email, how would that impact your organisation? Would it only affect one user? Or would the hackers be able to get your passwords and take over everybody's computers?

A cybersecurity audit lets you know how at risk you really are.

Your IT audit for cyber security starts with a 20-minute phone call where we ask questions to gauge your risk and your exposure. Within the audit, we will:

  • Gain an objective overview of your IT security solutions.
  • Check your current risk profile.
  • Report on cybersecurity to your board.
  • Externally audit your IT network to make sure it’s secure.
  • Make sure you’re covered by your cyber insurance.

The audit is run by IT security experts in the US. They’re the same experts we use to externally audit our own IT security and the IT systems we manage for our clients. They assess your risk and tell you what would happen if you’re attacked.

Step 2: Cybersecurity report & recommendations

We present the top five issues from your cyber security audit, using non-technical language so everyone can understand. The report includes recommendations you can take to your IT provider to tighten your security immediately.

We also map out your existing cybersecurity solution and give it a score for how secure it is. Then we outline the security solution we recommend, what that costs, and how that compares to your current security spend.

This shows you if you’re under or overinvesting in your IT security. Depending on the risk profile of your business, you’re looking at investing $60-$120 per user per month on cybersecurity. If you’re spending less you’re likely under protected.

Sometimes the audit finds businesses are investing well in cyber security monitoring and have the right tools, but their system is misconfigured and a few settings need to be tweaked.

Sometimes businesses are underinvesting. We previously audited a business spending a total of $92 on security per month for seven users. Now they're spending $1,200 per month.

There’s no pressure to move your cyber security monitoring to us. But we’re happy to prepare a proposal explaining how we’d solve the problems identified in the audit.

Step 3: Cybersecurity upgrades

If you choose to shift your cybersecurity protection to Oxygen IT, we aim to minimise disruption to your business, so we’ll meet with you, discuss priorities, and fix your most important security risks first.

This could be removing your organisation’s passwords from the dark web or upgrading your firewalls and the protection on your desktops, laptops, and mobiles.

Most upgrades take four to six weeks.

Step 4. Cyber insurance

Cybersecurity mitigates your risk. We can’t eliminate risk so we don’t guarantee you won't be hacked. Anybody who does guarantee that is naive or foolish. But we will make your risk of cyber-attack as low as we can.

Once you’ve mitigated as much cybercrime risk as possible with good cybersecurity, we recommend transferring your remaining risk to an insurance company, so you have funds available to recover from a cyber-attack. But remember, cyber insurance will only cover you if you have cybersecurity in place.

The average cost of a cyber-attack to a business with 20 staff is $400,000. One business we spoke to had three ransomware attacks in one month. They didn't have insurance so they couldn't pay for a forensic IT investigation, and they couldn't afford to fix the problem. Each time they restored their data they got hit by another attack.

We don't sell cyber insurance. But we recommend the cyber insurance company Plan & Protect. If you buy cybersecurity protection from us, you get a 20-40% discount on your cyber insurance premium with Plan & Protect, because they know you’ve managed your risk.

OxygenIT is our longstanding IT service provider for the past nine years, recently migrating all our data to the cloud smoothly. We’re always happy with the IT services they provide and their effective communication.

Pam Farquhar, Christchurch City Elim Church

Cyber security audit

$5,000 + GST

Your cyber security audit includes:

  • Phone interview to diagnose your security risk
  • Diagnostics (these are run remotely. You don’t need to advise your IT provider)
  • Detailed report outlining key risks
  • Assessment of cost effectiveness of your current cybersecurity solution
  • Recommended solution and costs.

Cybersecurity packages

We’ve packaged together all the cybersecurity tools you need, along with training and installation with three cybersecurity packages tailored to your level of risk.

Cybersecurity Standard

Protect your users and the device they're on. Great for start-ups and small businesses.

  • Security Awareness Training
  • Office 365 Backup
  • Next Gen AV
  • Web Filtering
  • DNS Filtering
  • Firewall (IDS/IPS)

From: $30 + GST per user per month.

Cybersecurity Plus

Protect your users and the device they're on. Great for small and medium businesses.

  • Zero Trust Application
  • Password Manager

From: $45 + GST per user per month.

Cybersecurity Premium

Protect your whole organisation. For organisations where data security is a must.

  • Lateral Movement Protection
  • Device Encryption
  • Device MFA
  • Set policies and procedures for software, devices, and security
  • Document actions for a security breach

From: $60 + GST per user per month.

Trust us to mitigate your cyber risk

We thought we were doing a great job on New Zealand cyber security, until we hired an expert to audit us and realised how much more we needed to do.

Now we’ve doubled down on cybersecurity to combat the rise in cybercrime and secure New Zealand businesses against catastrophic cyber-attacks.

A lot of IT providers out there sell you individual cybersecurity products. But that’s like selling you a hammer and nails when you don’t know how to build. You don’t even know if they’re the right hammer and nails for the job.

Selling antivirus software as a cybersecurity solution is misleading. Business owners buy cybersecurity products and think they’re protected. However, cybersecurity in NZ is more nuanced and complex than buying a product. It’s about policies and behaviours, as well as a suite of tools to keep you safe. We help with all those things.

Cybersecurity FAQs

Why is my IT provider not talking to me about cybersecurity?

IT services and cybersecurity are two different disciplines, but there is a misconception that they are the same thing.

Businesses often think that by signing up for IT services they’re covered for cybersecurity. That’s not often true, but if that hasn’t been well communicated at the beginning of your relationship with your IT provider, it can become hard to have that conversation later on.

As a result, IT providers may be scared to talk to their clients about cyber security in NZ. They’re afraid they’ll be seen as incompetent or lazy, and their customers will be angry because they feel their IT provider should have been managing cybersecurity all along. IT firms also become scared they’ll lose clients if they ask for more budget to cover cybersecurity.

This communication breakdown happens because IT services are often seen as a commodity and bought on price.

When that happens, all the extras get cut and IT staff don’t have time to do a secure job. They will set you up with an IT system, and fix your IT problems, but they may do it while incurring an invisible technology security debt.

Avoid this by asking about cybersecurity in NZ when you choose your IT provider. And allow a separate budget for cybersecurity. You’re looking at investing $60-$120 per user per month on cybersecurity, depending on the risk profile of your business.

Should my IT provider be externally audited for cybersecurity purposes?

Yes they should. An IT provider has to hold themselves to high standards because if they’re hacked, all their customers are affected too. Hundreds of businesses’ emails, networks, backups, passwords, and machines are at risk.

We commission a third-party IT security expert in the US to assess our risk level and audit the IT systems we install for our clients.

Ask your IT provider to show you evidence that they have been audited.

You can also commission a cyber audit for an objective review of your cybersecurity risk.

What sort of disruption can I expect from upgrading my cybersecurity?

Business disruption is minimal.

Part of improving your cybersecurity in NZ may be installing some new tools.

But 80% of cyberattacks happen because someone on your team has opened an infected email or downloaded an infected file. That cute kitten video was riddled with ransomware. That sales email wasn’t legit. So, making your organisation more secure is about changing the way your people work.

We support you with a package of communications to send to your staff. And we provide monthly New Zealand cyber security training that tests your team to make sure they’ve learned to be more cyber aware.

How hard is it to transfer from your existing cybersecurity provider?

Transferring from your current cyber security company is simple and we handle it for you. We’ll hold a meeting to discuss the roll out of your cybersecurity upgrade. The impact on your team is kept to a minimum.

The biggest effect on them will be a few procedural changes, and our cyber security company provides you with communications and training to make sure those changes go smoothly.

Should I pay a ransomware demand?

Ransomware payments only work between 50 to 70% of the time.

While ransomware is now big business with 0800 numbers, it’s important to remember that hackers who write malware are not professional coders. When they go to restore your files, the process often fails.

So, if you do get hit by ransomware, ask yourself what you’re going to do to stop this happening again.

Mitigate your risk with decent cyber security in NZ. Start with a cybersecurity audit to find out where the weak points are in your current security solution.

Next, transfer your remaining risk with cyber insurance, so you have a safety net to help you recover fast from a cyber-attack.

It’s time to take cybercrime seriously

60% of NZ SMEs go bust 6 months after a cyber-attack. You don’t have to be one of them. Talk to us about your cybersecurity today.