Nearly half of large businesses were successfully targeted by cybercriminals over the past year, according to new research highlighting the growing scale and sophistication of digital threats facing companies.
The findings come from Kordia’s annual New Zealand Business Cyber Security Report, which found that 44 percent of large organizations experienced a successful cyberattack in the previous 12 months. The research also revealed that 61 percent of those affected experienced serious operational disruption, while roughly one in five incidents involved financial extortion attempts by attackers.
The data suggests that cyber threats are becoming both more frequent and more effective, particularly as criminals increasingly use artificial intelligence and advanced social engineering techniques.
Table of Contents
AI-Driven Attacks Are Changing the Cybercrime Landscape
Cybersecurity experts say the growing use of artificial intelligence by attackers is transforming the nature of cyber threats.
More than 80 percent of phishing emails now contain AI-generated content, making them significantly harder for employees and security systems to identify.
Patrick Sharp, general manager at Aura Information Security, a cybersecurity firm owned by Kordia, said attackers are also expanding into new forms of digital impersonation.
The survey found a rise in voice-based and video-based cyberattacks, in which criminals attempt to impersonate executives or employees using recorded or synthesized audio and video. These tactics exploit modern authentication systems that rely on biometric data such as voice or facial recognition.
One challenge with biometric authentication is that unlike passwords, biometric identifiers cannot be easily changed if they are compromised.
Security specialists say such tactics are part of a broader trend in cybercrime toward more targeted and psychologically manipulative attacks.
Phishing and Social Engineering Remain Primary Entry Points
Despite technological advances, many successful attacks still rely on manipulating human behavior rather than exploiting technical vulnerabilities.
Research in the report shows that AI-assisted phishing campaigns have achieved click-through rates of about 54 percent, far higher than the roughly 12 percent rate typical of traditional phishing emails.
Phishing messages often attempt to pressure victims into urgent actions such as resetting passwords, transferring funds, or opening malicious attachments.
Experts say these messages are designed to trigger emotional responses such as fear, urgency, or trust. Employees may feel pressured to act quickly when they believe a message has come from a senior executive or a trusted partner.
Cybersecurity professionals emphasize that taking a moment to verify suspicious messages—especially those requesting sensitive information or urgent financial action—can prevent many attacks from succeeding.
The scale of the problem has also grown rapidly in recent years. Phishing volumes have surged dramatically since 2022, with organizations around the world being targeted constantly and global financial losses reaching millions of dollars each day.
Businesses Call for Stronger Laws and Better Education
Many companies surveyed said stronger regulatory frameworks and improved cybersecurity education could help reduce the threat.
Among the proposals raised by business leaders were:
-
Government-backed cybersecurity awareness programs
-
Harsher penalties for companies that fail to adequately protect data
-
Mandatory reporting requirements for major cyber incidents
Currently, New Zealand’s privacy laws impose relatively modest penalties compared with those in some other jurisdictions. Maximum fines for certain breaches are significantly lower than penalties introduced in countries such as Australia, where large organizations can face much heavier financial consequences for failing to safeguard sensitive data.
Other regions—including parts of Europe and the United Kingdom—have begun tying cybersecurity preparedness to corporate governance responsibilities. In some cases, company directors can be held accountable for failing to ensure that adequate cybersecurity protections are in place.
Some experts argue that adopting similar frameworks could encourage stronger security practices across both government agencies and private companies.
Ransom Payments and Insurance Reflect Rising Risks
Financial pressures associated with cyberattacks are also increasing.
The survey found that half of business leaders said they would consider paying a ransom to cybercriminals, while a smaller percentage reported that their organizations had already paid a ransom during the past year.
Cyber insurance is becoming more common as companies attempt to mitigate these risks. However, cybersecurity specialists caution that insurance should not be treated as a substitute for strong security practices.
Instead, organizations are encouraged to invest in preventative security measures, employee training, and rapid incident response capabilities.
Even with such measures, recovery from an attack can be lengthy. About one-third of businesses affected by cyber incidents reported that it took roughly two months to fully resolve the problem.
Some companies also expressed uncertainty about whether they could survive a major cyberattack, highlighting concerns about the potential economic consequences of widespread cybercrime.
Cybersecurity Gaps Remain Across Many Organizations
Despite the rising threat, the research suggests that many organizations remain underprepared.
About one quarter of businesses surveyed said they had not implemented basic cybersecurity measures, such as employee awareness programs or practiced incident-response plans.
A shortage of cybersecurity professionals may also be contributing to the problem. Industry data indicates that only a small portion of organizations currently have access to the cybersecurity talent they need, reflecting a widening global skills gap.
Without sufficient expertise, many businesses struggle to detect attacks early or respond effectively when breaches occur.
What the Findings Signal for the Future
The report’s findings highlight a growing challenge for businesses operating in an increasingly digital economy.
Cybercrime has evolved from isolated hacking attempts into a sophisticated global industry involving organized criminal networks and advanced technology. The increasing use of artificial intelligence by attackers could further accelerate this trend.
For companies, the results suggest that cybersecurity can no longer be treated solely as a technical issue handled by IT departments. Instead, it is becoming a broader strategic concern affecting corporate governance, risk management, and business continuity.
As governments consider stricter regulations and organizations expand their security investments, the effectiveness of those measures will likely shape how businesses adapt to the next phase of the global cyber threat landscape.
Leave a Reply
Thank you for your response.
Please verify that you are not a robot.