Kordia report shows AI cyberattacks front of mind

New Zealand businesses must remain vigilant against cyber threats and be prepared to both defend and recover from attacks, says the Kordia New Zealand Business Cyber Security Report 2025.

The report, based on a survey of 295 business leaders from large (50+) organisations, found around two thirds of respondents had suffered a cyberattack or incident over the previous 12 months.

The three leading forms of attack were email phishing (43 per cent), through an unsecured website (22 per cent) or through an unsecured application (19 per cent).

The impacts from cyberattacks included interrupted supply chains, insurance claims, Privacy Act breaches and payment of ransom to cybercriminals – one in ten business impacted indicated they had paid a ransom or extortion demand.

“Around 40 percent of businesses who indicated their business experienced a cloud breach or misconfiguration in the past 12 months also faced a financial extortion by a cybercriminal,” the report found.

Kordia asked the business leaders what lessons had been learned from cyber incidents and the top three lessons identified were:

We should have invested more in better security systems and policies.
We need to improve and/or implement employee cybersecurity training.
We must ensure better implementation of basic security controls such as patching and monitoring.

Among the issues keeping leaders awake at night, it was familiar problems that led the pack.

“Human error and third-party attacks, which are both difficult to exert control over, remain high on the list of concerns,” the report said.

“The most obvious exception to this is the introduction of AI-generated cyberattacks, a new response added to the survey. Twenty-eight per cent of business leaders said AI attacks are a top concern.”

While it was high on the list of concerns, just 6 per cent of business reported an AI breach in the previous 12 months.

The full report can be downloaded here.