Two-thirds of incoming emails contain content that could pose a security risk according to data collected by the government, Communications Minister Amy Adams says.
Adams was a panelist at the PwC Herald Talks session on cybersecurity and said government and private sector must share resources and experiences to help combat threats as the business world becomes more digital.
Keynote speaker Garry Barnes, vice president of ISACA, said while technology can deliver value to businesses, it could also create risk.
ISACA research showed 28 per cent of businesses had experienced an advanced persistent threat to their security.
Historically, most of the threats were targeted at government organisations, but recently the threats were more widespread, Barnes said.
Security on mobile devices lagged behind other devices, particularly when employees brought their own devices to their workplace, he said.
"Organisations need to understand the value of their critical assets to themselves and to the attacker," Barnes said.
Personal information is worth a lot of money for hackers who sell it on the Dark Web. Currently health data, which can be used for insurance fraud, was worth ten times more than credit card information.
SMEs often do not have the skills or knowledge to understand and protect themselves from cyber threats and should be looking to cloud-based operating systems for security reasons, Barnes said.
This month Apple refusing to unlock iPhones used by suspected terrorists. Adams said she disagreed with "mass trawling" of data, but said when a situation arose where a search warrant was produced, companies have to cooperate.
Michael Brick, legal counsel for Microsoft New Zealand, agreed with Adams.
"It's critical for tech companies to work hand in hand with law enforcement. Our bottom line is there really needs to be transparency."
Brick said Microsoft publishes the number of requests for user information from law enforcement officials around the world.
Barbara Chapman, managing director at ASB, said the bank's advice to customers was to keep vigilant by remembering the basics in personal security, including never giving passwords out, but to leave anything more serious to security experts.
Adrian Van Hest, PwC national cyber expert, said the business community should share security threat incidents to build shared knowledge.
• The PwC Herald Talks series are brought to you by PwC, The New Zealand Herald, Newstalk ZB and event partners Massey University, ATEED, SKYCITY and Kea. The next PwC Herald Talks event, on innovation, will be on May 18. Tickets available from iTicket.