News -- Kiwi SMEs face triple-threat from cybercrime

Kiwi SMEs face triple-threat from cybercrime

New Zealand’s small to medium businesses are faced with three big reasons to boost their cyber security, warns KPMG.

Philip Whitmore - KPMG NZ - Partner

Partner - Cyber Security

KPMG in New Zealand


As well as being a growing target for cyber-criminals, they need to prepare for future mandatory reporting of data breaches, and increased sensitivity from customers and business partners.

Philip Whitmore, the national leader of KPMG’s Cyber Security practice, says it’s becoming increasingly critical that smaller businesses develop resilient defences to cybercrime.

“As our larger corporates are entering a mature phase of protection, we are seeing attackers turn their attention to the ‘low-hanging fruit’ of exposed SME-size businesses.”

Whitmore says New Zealand is particularly attractive to offshore cyber-criminals – given both our high proportion of small businesses, and the fact we’re seen as a “soft target” among developed nations for phishing attacks. 

For example, the 2016 Norton Cyber Security Insights Report identified that 70% of New Zealand SMEs had been subject to phishing attacks, which is the most common method used to breach an organisation’s perimeter. Almost half (47%) had also been subject to other types of hacking attacks.

In response to these growing threats, KPMG New Zealand has launched a cyber security service tailored to the needs and resources of smaller and medium-sized businesses.

“Many smaller businesses think they are covered by their antivirus software, or that their IT provider will protect them; but in reality, that’s wishful thinking. Good security is not just an IT issue; it’s a business issue. Every business owner should have oversight across it.”

Another issue is that New Zealand is likely to follow Australia’s lead and introduce mandatory reporting when a data breach occurs. This will have implications for New Zealand businesses of all sizes.

“If your data security is breached, you may be required by law to disclose this,” says Whitmore. 

“This could have serious implications for your brand, loss of trust with your customers, and even your ability to win clients in future.”

Similarly, KPMG also warns SMEs that having robust cyber-security is fast becoming an issue for customers, and a supply chain issue.

“Increasingly customers and business partners are asking SMEs questions about the cyber security controls they have implemented, to ensure that their information is protected.  Demonstrating that you have effective controls in place builds upon the trust you have already established, and may also provide you a competitive advantage.”

KPMG’s new ‘Cyber Accelerate’ service is designed to help SMEs protect themselves from cyber-attack – covering everything from phishing, whaling and ransomware attacks; to breaches by disgruntled employees or competitors.

“We’ve designed a suite of nine products that are low-cost yet deliver a high return in terms of protection. It’s important to remember that every business has something of value to cyber-criminals – whether it’s money, database information, or other intellectual property.”

For information about KPMG’s cyber services, visit

© 2023 KPMG, a New Zealand Partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit

Connect with us