Chief executives named cybersecurity as the biggest concern in the 2016 Herald Mood of the Boardroom survey.

But it turns out that New Zealanders are better at dealing with online risks than most people. Microsoft national technology officer Russell Craig says his company's research shows we get most things right.

Microsoft found New Zealand gets about half the global average rate of malware and cyber attacks. Better still, what researchers call the encounter rate - how often we see threats - is falling. In the rest of the world the encounter rate continues to climb.

The reasons are complex, Craig says, although an educated guess is that our computer users behave better and act smarter than those elsewhere.


We take the threat seriously. We keep our computers up to date with the latest software. We invest in protection and we tend to be law-abiding online citizens.

The recent Microsoft Security Intelligence Report says New Zealand's encounter rate fell from 13.3 per cent in the third quarter of 2015 to 11.8 per cent in the second quarter of 2016. Meanwhile, the worldwide encounter rate climbed from 17.8 per cent to 21.2 per cent over that period.

The encounter rate measures the proportion of computers running Microsoft's real-time security products that report seeing malicious software. This includes encounters that do not result in an infection. A large proportion of the world's computers run Microsoft software, so the measure show how much dangerous software turns up in a country.

In other words, New Zealand sees about half as much incoming malware as the global average.

Craig says New Zealand's improving encounter rate is a pattern that has now been showing for years. "It says something about how New Zealanders use Windows," says Craig. "If we look closer at the numbers, we can see that a greater proportion of New Zealanders use more modern versions of Windows. This means they are better protected.

"There's also evidence that more users here have some form of real-time threat detection capability running on their devices. New Zealand is a little ahead of the global average on this.

"The relatively lawful nature of New Zealand society helps. We have fewer cybercriminals here. It's hard to join the dots, but when we look around the world, we see the greatest rates of vulnerability and infection seem to correlate with the countries where there are higher rates of cybercrime."

There is also a correlation between software piracy and cybercrime, and New Zealand has one of the world's lowest levels of software piracy.

It's piracy that explains why Microsoft took such a strong early interest in cybersecurity.
Craig says the company set up its Digital Crimes Unit to address the widespread piracy of Microsoft software. "It didn't take long for them to identify the strong correlation between piracy and other online crime," he says. "The two things go hand-in-hand." Microsoft has been running its Security Intelligence Report since 2006.

Craig says that when you look at the incidents around the world, the cybercriminals seem to be doing well. "It's now a case of trying to stay ahead of them as much as you can.
While it isn't clear if the bad guys are winning, the level of threat continues to climb. The cost of dealing with cybercrime is also rising, especially in the commercial space".

Craig says that in many ways New Zealand's cybersecurity experience is comparable to Scandinavian countries. He says the factors at work are the nature of our society and the behaviour of our citizens and businesses. Government action at the national cybersecurity level is also helping.

It's a Microsoft survey, so it collects data from Windows computers. Craig says the number of users who have moved off the old Windows XP operating system is important. XP is no longer supported by Microsoft and is regarded as unsafe for everyday computing. "We can't offer the same level of protection to users that we can with later versions of Windows", he says.

As well, he says many New Zealanders have moved to Windows 10, which includes threat and risk mitigation tools that are a generation ahead of earlier Windows versions.

Craig says the vulnerability information his company tracks comes from a wide variety of sources - some from Microsoft, some from elsewhere. When it comes to malware protection and exploits, clean-up rate information comes from data gathered by Microsoft's Malicious Software Removal Tool or MSRT.

MSRT is installed automatically with modern versions of Windows and silently cleans up some 200 or so of the nastiest infections. It isn't a substitute for antivirus software, but acts as a backstop. In some cases, MSRT stops the malware in its tracks. Sometimes it may have executed before MSRT removed it.

The Security Intelligence Report says that in the second quarter of last year, MSRT would detect and remove malware from 5.4 out of every 1000 computers in New Zealand. This is up from the 3.1 rate in the third quarter or 2015. At that time, we were running at around half the international level. Today we are still well behind the global figure of 8.8. In effect, the measure shows how often dangerous software and other threats get past defences to the point where they could cause damage.