Contact Us

Cybersecurity: Need of the hour for small businesses

HR Policies

10 June 2025 (Last updated 19 June 2025)

Share on:

Research has found that 43% of cybercrime is directed at small businesses. Small to medium sized enterprises (SMEs) makeup for a huge portion of New Zealand businesses which translates this to a matter of immediate concern for every Kiwi employer.

While small businesses acknowledge the need for cybersecurity, it is overshadowed by other pressing concerns such as the economy and cash flow. SME owners are wearing multiple hats and it becomes challenging for them to realise the importance of vulnerability to cybercrime. The reality is that anyone can be affected by cybercrime and it is imperative that Kiwi business owners consider this seriously.

Cybersecurity threats

According to CERT NZ, the top cybersecurity threats facing small businesses are:

Scams and fraud

36% of SMEs surveyed by CERT NZ have experienced at least one cyber attack in the last six months. Scams calls, phishing, and invoice scams are most common among businesses.

Unauthorised access

In sectors of public safety, administration, transport, and warehousing, unauthorised access is a significant concern. These incidents basically compromise the confidential information, deny access or service, and modify the integrity of a system.

Malware

Malware is a common threat faced by businesses. Employees unknowingly click on a strange link and allow the malware to access the office system.

Attackers are constantly trying to use sophisticated methods to target businesses and employers. If business owners don’t step up, they risk facing financial losses, losing the trust of consumers, loss of confidential information, and reputational damage.

How can New Zealand small businesses protect against cyber threats?

Only 6% of Kiwi companies have adequate protection against cyber threats. New Zealand has a high concentration of smart phone usage which makes businesses more vulnerable. 97% of New Zealand companies are small businesses, and they believe that cybersecurity is an expensive and unnecessary expense. This misconception needs to be corrected and small businesses need to know that prevention is far more cost-effective and less stressful than having to respond to a data breach.

Here are some practical steps small businesses can take to potentially protect themselves from cyber threats:

  • Train your staff- Businesses need to do a better job of educating people and employees on how to spot risks and avoid them. Use videos, workshops, and handbooks to train staff on cybersecurity, potential threats, and usage of software. All employees should know what sites they can access and safe storage of passwords and company information.
  • Choose the right cloud services- There are several cloud services providers out there and you must choose the right one for your business. As a business owner, you should research and pick the right one. Having an effective cloud service has benefits such as getting access to software, accessing company data from any company approved device at any time, and having adequate storage space and backups for your data. Before you commit to a particular provider, make sure they can give you the protection and support you need.
  • Implement two-factor authentication (2FA)- 2FA means that anyone who logs in to the system will need to provide something else on top of the username and password to verify that they are who they say they are. You can implement it on internal systems. Systems that benefit from 2FA are email services, cloud aggregator services, document storage, banking services, social media accounts, accounting services, and any system that stores customer, personal or financial data.
  • Work with experts- Hiring cybersecurity experts to look after your systems can be worth the expense. They can do a SWOT analysis of your security and help you pinpoint the weaknesses.
  • Secure your devices and network- Establish anti-malware software on any devices that access business data. Configure network devices such as firewalls and web proxies to secure and control connections in and out of the business network.
  • Check details manually- Having manual checks in place can act as an added layer of protection for businesses. It will also ensure they don’t get caught up in online scams and fraud.
  • Have an incident response plan- Always be prepared for the worst-case scenario. Having an incident response plan helps your employees stay prepared and know what to do in case things go wrong. Policies and systems in place can ensure you protect your business, customers, and employees from loss of important data and information.

Peninsula has worked with 6,000 businesses across New Zealand and supported them in employment relations and work health and safety. We understand the needs of small businesses and the challenges they face. Contact Peninsula today to get all your tricky questions answered.

This document is intended as general information and does not constitute advice. Please contact a cybersecurity professional or qualified experts if you need advice and support.

Related Blog Articles

HR Policies

HR at the heart of business success

For many businesses, human resources (HR) is an afterthought, but in reality, it is the fuel that powers successful businesses. SMEs are our nation’s beating heart. Powered by passion, dedication, and vision, small business owners bring out the best in all of us. However, the devil is in the detail

HR Policies

How valuable is a workplace dress code?

Employers are entitled to insist on certain standards or ways of dressing if there’s a legitimate reason for that. However, employers should be wary of enforcing a rigid approach for all staff. The value of a workplace dress code A good impression When a customer walks into your business, the fir

HR Policies

Employee Complaints Of Favouritism In The Workplace

There is no doubt that favouritism in the workplace stems from bad management because it opens the door for employee complaints about unfair treatment and discrimination. All employees are entitled to, and expect to be treated equally. If there are policies, guidelines, opportunities for developmen
View all blogs

Do you have any questions regarding HR Policies

International Sites

United Kingdom

Republic of Ireland

Northern Ireland

Scotland

Canada

Australia

© 2025 Peninsula Employment Services Ltd. Registered Office: 8 Tangihua Street, Auckland CBD 1010

Peninsula Protect is a discretionary risk product issued by Peninsula Mutual Limited ACN 630 256 478 AFS Licence No. 544232. Peninsula Mutual Limited has appointed Peninsula Group NZ Limited NZBN 9429042175179 to distribute the discretionary risk product in New Zealand. To decide if this product is right for you, please read the Peninsula Protect Product Disclosure Statement (PDS) and Target Market Determination.