• About Us
  • Advertise with Us
  • Contact Us
  • Events
  • Newsletter
  • Podcasts
  • Digital Magazine
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
  • About Us
  • Advertise with Us
  • Contact Us
  • Events
  • Newsletter
  • Podcasts
  • Digital Magazine
NZBusiness Magazine

Type and hit Enter to search

Linkedin Facebook Instagram Youtube
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
NZBusiness Magazine
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability
InsightTechnology

Cyber security in 2025: A guide on how to protect your business

Dasha Kuprienko
Dasha Kuprienko
April 22, 2025 5 Mins Read
404 Views
0 Comments

Kordia’s latest research has unveiled alarming statistics about the surge in AI-driven cyber-attacks targeting Kiwi businesses. NZBusiness sits down with Horatiu Petrescu, Senior Security Advisor at Kordia-owned security consultancy, Aura Information Security, to discuss the evolving threat landscape and what practical measures your business can implement to significantly strengthen your defences against cybercriminals.

Cyber-crime is more prevalent than many businesses realise, and few are willing to admit when they’ve been targeted. In March, Kordia released its New Zealand Business Cyber Security Report Cyber Security Report that revealed a significant increase in AI-powered attacks on businesses. Nearly two-thirds of surveyed organisations reported experiencing a cyber incident within the past 12 months. More alarmingly, over a quarter of businesses said they offered no cybersecurity training to staff.

According to Horatiu, this lack of preparedness is a major concern.

“AI has supercharged the capabilities of cyber criminals, making attacks faster, more sophisticated, and harder to detect,” he says.

Phishing remains one of the most common entry points for attackers. While poorly written emails were once easy to spot, artificial intelligence now allows threat actors to mimic the language and tone of CEOs and colleagues with striking accuracy.

“All phishing emails follow a pattern. They try to provoke urgency, fear, or uncertainty. Recognising that attackers use this for emotional manipulation is key to avoiding traps,” says Horatiu.

As cyberattacks grow more convincing, businesses must shift their focus from simply detecting threats to proactively preparing their people and systems to respond effectively.

Attackers commonly use phishing tactics to harvest login credentials, allowing them to move across systems unnoticed. From there, they may access sensitive data, financial information or client records.

“A common misconception is that hackers need a lot of sophistication to break into complex systems. In reality, it’s often as simple as one employee clicking a fraudulent link. That’s the window into the fortress,” says Horatiu.

Small and medium-sized enterprises are particularly at risk. Many lack the technical expertise or resources of larger organisations, making them attractive targets. According to Horatiu, the solution lies in a layered defence.

“Think of it like James Reason’s Swiss Cheese Model. Each layer has holes, but when you stack them together, the gaps are covered. This is called defence-in-depth and it’s about combining visibility, smart technology, and human awareness.”

Horatiu Petrescu.

Despite this, one-third of surveyed businesses do not report cyber risks to their Boards on a regular basis, and 67 percent have never conducted a penetration test.

A penetration test, sometimes referred to as a ‘pen test’, is a simulated cyberattack carried out by ethical hackers.

It identifies vulnerabilities in systems before bad hackers can exploit them.

“It’s a basic health check for your digital systems, yet most SMEs aren’t doing it. Often it’s because they’re unaware or assume it’s too costly,” Horatiu says.

Preparation is just as important as prevention.

Kordia recommends that businesses conduct annual incident response tabletop exercises.

These simulated scenarios help teams practise their technical response, decision-making and communication under pressure.

“These exercises create muscle memory. When the real thing happens, your team knows exactly what to do.”

One of the most overlooked elements of incident response is communication.

Many businesses hesitate to inform clients, stakeholders or the media following a breach. However, failing to communicate can be just as damaging as the incident itself.

Unlike in Australia or the United States, where stronger regulations and penalties are in place, New Zealand’s cyber regulations remain comparatively relaxed. Horatiu expects that to change.

“In our previous reports, businesses actually expressed a desire for tighter regulation because it forces security to the top of the agenda.”

Until those regulations are introduced, SMEs have both an opportunity and a responsibility to lead the charge. Kordia recommends taking a risk-based approach, identifying your most critical digital assets, and prioritising protections accordingly.

For businesses unsure where to start, Horatiu recommends free resources such as Own Your Online, a New Zealand government initiative that provides simplified guidance for small businesses and individuals.

“The toolkit covers everything from password management to backup procedures. It’s a great starting point.”

For New Zealand SMEs, the stakes are simply too high to be treating cybersecurity lightly and it should not be an afterthought.

“Cybersecurity isn’t something you implement once and forget. It’s ongoing, it’s layered, and it requires buy-in from every staff member. The sooner businesses embed it into their operations, the better prepared they’ll be for whatever’s coming next.”

Whether it is investing in training, setting up protection tools, or conducting simulated incident exercises, the first step is to get started. Cyber threats are evolving, but so too are the tools and knowledge available to defend against them.

As Horatiu puts it, “It’s no longer a matter of if, but when. The good news is, there’s plenty that businesses can do, starting today.”

Three steps your business can take today

While AI-driven threats may sound daunting, Horatiu believes there are clear and practical steps that SMEs can take to build resilience.

  1. Cybersecurity awareness training: Education remains one of the main tools available. “Training, which includes phishing exercises, should be run quarterly or at least twice a year. It needs to include real examples that people can relate to. Walk them through how breaches happen and make it relevant to their role,” Horatiu says.
  2. Password hygiene: Encouraging staff to use unique and complex passwords is essential. Reusing the same password across platforms remains a widespread and dangerous habit. “Using a reputable password manager makes life easier and safer. And multi-factor authentication is a must. It’s your last line of defence.
  3. Email protection tools: Since phishing emails remain the most common method of attack, businesses should invest in email protection tools, especially ones that utilise AI to better detect threats. These solutions scan messages for suspicious links, sender anomalies, and content patterns before a user has the chance to interact with them.

“Advanced email scanning tools used to be expensive, but there are now cost-effective business options available that offer excellent protection,” says Horatiu.

Tags:

Lead

Share Article

Dasha Kuprienko
Follow Me Written By

Dasha Kuprienko

Dasha is a Digital Journalist at Pure SEO, and writes across the Pure 360 portfolio of titles.

Other Articles

Previous

From rugby to rubber: How a Kiwi athlete built a global automotive products business

Next

Forward thinking Smart Marine is in growth mode, soon to open fifth store

Next
April 23, 2025

Forward thinking Smart Marine is in growth mode, soon to open fifth store

Previous
April 21, 2025

From rugby to rubber: How a Kiwi athlete built a global automotive products business

Subscribe to our newsletter

NZBusiness Digital Issue – March 2025

READ MORE

The Latest

Step back to move forward – how Kiwi business owners can unlock growth

May 12, 2025

Samsung CSP: Leading the way in tech repairs across New Zealand

May 12, 2025

A business journey from surgeon to CEO

May 9, 2025

Entries open for 2025 Sustainable Business Awards

May 8, 2025

The new concrete flooring system that won’t end up in landfill

May 8, 2025

The business of saving lives

May 7, 2025

Most Popular

NZBusiness Digital Issue – June 2024
Understanding AI
Navigating economic headwinds: Insights for SME owners
Nourishing success: Sam Bridgewater on his entrepreneurship journey with The Pure Food Co
Navigating challenges: Small business resilience amidst sales decline

Related Posts

A family business built on trust, now with the support of AI

April 18, 2025

Building cyber resilience: A practical guide for small businesses

April 15, 2025

The rising threat of cybercrime to small business, and why insurance matters

April 9, 2025

Modernising digital payment solutions

March 28, 2025
NZBusiness Magazine

New Zealand’s leading source for business news, training guides and opinion from small businesses to multi-national corporations.

© Pure 360 Limited.
All Rights Reserved.

Quick Links

  • Advertise with us
  • Magazine issues
  • About us
  • Contact us
  • Privacy policy
  • Sitemap

Categories

  • News
  • Entrepreneurship
  • Growth
  • Finance
  • Education & Development
  • Marketing
  • Technology
  • Sustainability

Follow Us

LinkedIn
Facebook
Instagram
YouTube
  • Home
  • News
  • Opinion
  • Entrepreneurship
  • Self Development
  • Growth
  • Finance
  • Marketing
  • Technology
  • Sustainability