The Importance of Cybersecurity for Protecting Sensitive Financial and Critical Business Information in Small Businesses

In today's digital age, cybersecurity has become a critical concern for businesses of all sizes. However, small businesses often underestimate the importance of robust cybersecurity measures, assuming that they are less likely to be targeted by cybercriminals.

This is even further misunderstood in New Zealand where we think our proximity to the rest of the world will mean a level of anonymity or safety. These misconceptions can lead to devastating consequences. 

Small businesses are, in fact, prime targets for cyberattacks due to their often-limited resources and less sophisticated security infrastructure. In NZ we use a lot of the same systems and setups of our larger trading partners such as Australia, UK, USA, Europe to name a few. This makes NZ a perfect test bed for cybercrime campaigns before moving onto larger targets.

Cyber threats are evolving at an alarming rate, with cybercriminals employing increasingly sophisticated techniques to breach security defences. Small businesses are particularly vulnerable because they may lack the support to implement comprehensive cybersecurity measures. According to a report by the National Cyber Security Centre (NCSC), 19% of cybercrime targeting New Zealand in 2024 was financially motivated . This statistic underscores the critical need for small businesses to prioritise cybersecurity.

Furthermore, 32% of incidents handled through the NCSC's general triage process reported an accompanying financial loss in Q4. The total reported financial loss was $6.8M, up 24% from $5.5M in Q3. 

The total financial loss in the last eight quarters is $44M and the average loss per quarter $5.5M. 

Financial Information: A Prime Target

Sensitive financial information is one of the most sought-after targets for cybercriminals. This includes bank account details, credit card information, payment processes, and financial statements. A breach of this information can lead to significant financial losses, both for the business and its customers. For small businesses, the financial impact of a cyberattack can be catastrophic, potentially leading to insolvency.

Moreover, the theft of financial information can damage a business's reputation, eroding customer trust and loyalty, and ultimately devaluing the business and its brand. Customers expect their financial information to be handled with the utmost care, and a breach can result in a loss of confidence that is difficult to rebuild. Implementing strong cybersecurity measures is essential to protect this sensitive information and maintain customer trust.

Protecting Critical Business Information

In addition to financial information, small businesses must also protect other types of critical business information. This includes intellectual property, trade secrets, customer data, and employee records. A breach of this information can have far-reaching consequences, including legal liabilities, loss of competitive advantage, and operational disruptions.

For example, the theft of intellectual property can result in the loss of unique products or services that differentiate a business from its competitors. Similarly, a breach of customer data can lead to supply chain attacks, identity theft and fraud, exposing the business to legal action and regulatory fines. Protecting critical business information is, therefore, essential to ensure the long-term viability and success of a small business.

Cybersecurity Measures

To protect sensitive financial and critical business information, small businesses should implement a range of cybersecurity measures. These measures should be tailored to the specific needs and risks of the business, and may include:

1. Good mail filtering and email setup: The most common attack on NZ businesses in 2024 was Phishing (an email with a malicious link) and is the most common method of initial access. Good mail filtering removes the majority of these emails before they get to a user.
2. Firewalls and Antivirus Software: Firewalls act as a barrier between a business's internal network and external threats, while antivirus software helps detect and remove malicious software. Together, these tools provide a basic level of protection against cyber threats. For businesses looking for added protection a good MDR (Managed Detection and Response) tool includes proactive monitoring of malicious processes on end user devices, catching anything if a user does accidentally click on a bad link.
3. Encryption: Encrypting sensitive data ensures that even if it is intercepted by cybercriminals, it cannot be read without the decryption key. This is particularly important for financial transactions and the storage of sensitive information. Most NZ companies don’t mask or encrypt sensitive data stored within various databases the company may use.
4. Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring users to provide two or more forms of identification before accessing sensitive information. This can significantly reduce the risk of unauthorised access.
5. Regular Software Updates: Keeping software up to date is essential to protect against known vulnerabilities. Cybercriminals often exploit outdated software to gain access to systems, so regular updates are crucial.
6. Employee Training: Human error is a leading cause of cyber incidents. Training employees on cybersecurity best practices, such as recognising phishing emails and using strong passwords, can help prevent breaches. Modern attacks have an element of speed in them hoping to get a user to commit an action before thoroughly thinking it through. You are only as secure as your weakest link!
7. Incident Response Plan: Having a plan in place to respond to a cyber incident can help minimise the damage and ensure a swift recovery. This should include steps for containing the breach, notifying affected parties, and restoring systems. If your IT support is outsourced ensuring you have a combined plan with your support partner is critical to ensuring a quick response

A proactive approach to cybersecurity is essential for small businesses.
Rather than waiting for a cyberattack to occur, businesses should take steps to identify and mitigate potential risks. This includes conducting regular security assessments, monitoring for suspicious activity, and staying informed about the latest cyber threats.

Additionally, small businesses should consider investing in cybersecurity insurance. This can provide financial protection in the event of a cyber incident, covering costs such as legal fees, notification expenses, and business interruption losses.

Business owners and company boards must prioritise cybersecurity as a fundamental aspect of their strategic planning. Investing in robust security measures, fostering a culture of cybersecurity awareness, and staying informed about evolving threats are crucial steps in protecting financial data and ensuring long-term business success.

Where to go for help?

For business owners, management, and even directors and board members, there is a lot of free advice and assistance available.

• Consult with a professional cybersecurity professional or company
• Consider adding an IT/Cybersecurity professional as an advisory board member 
• The institute of directors has lots of information available including their 2025 Cyber risk guide 
• Cert NZ - www.cert.govt.nz 
• National Cyber Security Centre - www.ncsc.govt.nz  

This article was written in collaboration between Andersen New Zealand and Softsource vBridge. Softsource vBridge provides end-to-end ICT solutions and support services built on security, for organisational efficiency and growth. Visit their website www.svbgroup.co.nz or contact Mike Jamieson via mjamieson@svbgroup.co.nz or 09 918 3712. 

Reference:
NCSC-Cyber-Threat-Report-2024-FINAL.pdf
Cyber risk: A practical guide 2025