Learning Centre

Valuable insight and business learnings from our specialists

Protecting your business from cybercrime


The recent worldwide ransomware attack has dramatically highlighted the dangers of cybercrime. It not only threatens to bring down government systems – it’s also a war being waged on businesses of all sizes.

KPMG is here to help. We’ve launched a new service, called Cyber Accelerate, that’s specifically designed to help SME-size businesses protect themselves from cyber attack. It’s a suite of security services and toolsets that are both affordable and accessible.


  • What are the risks?

Philip Whitmore, who leads KPMG New Zealand’s Cyber Security practice, says it’s becoming increasingly critical that smaller businesses develop resilient defences to cybercrime.

“As our larger corporates are entering a more mature phase of protection, we are seeing attackers turn their attention to the ‘low-hanging fruit’ of exposed SME-size businesses.”

Whitmore says New Zealand is particularly attractive to offshore cyber-criminals – given both our high proportion of small businesses, and the fact we’re seen as a “soft target” among developed nations for phishing attacks. 

For example, the 2016 Norton Cyber Security Insights Report identified that 70% of New Zealand SMEs had been subject to phishing attacks, which is the most common method used to breach an organisation’s perimeter. Almost half (47%) had also been subject to other types of hacking attacks.


  • Who is protecting you?

Within your business, who’s in charge of cyber-security? And exactly what kind of protection do you currently have in place? If the answer to that second question is a little hazy, you’re not alone.

“Many smaller businesses mistakenly think they are covered by simply having a firewall and anti-virus software, however that is an approach that worked ten years ago, but not now,” says Phillip Whitmore.

“Or if they outsource their IT to someone else, they might believe they are taking care of everything. But in many cases, that can be wishful thinking. It’s critical that the business owner has oversight of both the risks and the protections that are in place.”


  • Customer expectations and laws are changing

Having robust cyber-security is also becoming an important supply chain issue for SMEs.

“Increasingly, customers and business partners will ask you questions about the cyber security controls you implemented, to ensure that their information is protected.”

Another issue is that New Zealand is likely to follow Australia’s lead and introduce mandatory reporting when a data breach occurs.

“If your data security is breached, you may be required by law to disclose this,” says Whitmore. 

“This could have serious implications for your brand, loss of trust with your customers, and even your ability to win clients in future.”


  • About Cyber Accelerate

KPMG’s new ‘Cyber Accelerate’ service is designed to help SMEs protect themselves from cyber-attack – covering everything from phishing, whaling and ransomware attacks; to breaches by disgruntled employees or competitors.

“We’ve designed a suite of nine products that are low-cost yet deliver a high return in terms of protection,” says Phillip Whitmore.

“These services are ‘right-sized’ and affordable for small to medium businesses. They are also simple to implement, regardless of whether the business has in-house IT capability or not.”

KPMG’s Cyber Security team all have hands-on IT experience. We have a deep understanding of what works in the real world – so our products and advice are realistic, practical, and effective.


Like to know more?

For information about KPMG’s cyber services, go to: kpmg.com/nz/cyberaccelerate 

Or if you want to talk to us about how KPMG Enterprise could help your business, drop us an email on SmallBusiness@kpmg.co.nz or give us a call on 0800 576 472.