Financial losses as a result of cyber-attacks averaged $19,000 for smaller New Zealand businesses, according to a survey by security software firm Symantec, almost three times the losses for Australian firms.

The survey of 525 business owners and operators of firms employing up to 20 people found that email and phishing scams were by far the most common, with 70 per cent saying they had been subject to such attacks. A further 47 per cent said they had been subjected to hacking attacks.

Norton by Symantec Pacific Territory manager Mark Gorrie said ransomware operations are becoming more sophisticated, with reports some even used help desks to assist with payments after firms were locked out of their own computers. The encryption used was also becoming harder to break.

Some 5 per cent of business owners said they had been affected by a ransomware attack and 13 per cent of those had paid a ransom to get back access to their data, with an average payment of $1,340. While all of them did manage to get their data back, in Australia 8 percent of those who paid never got it back, Gorrie said.


The average financial loss for small Australian firms surveyed was A$6,600 (NZ$7,193).

The survey showed 91 per cent of the small businesses used Windows devices and 48 per cent had Windows 10 as their main operating system. Some 84 per cent of laptops and 72 per cent of mobile phones were password protected, the survey showed. A further 27 per cent said staff had access to their firm's financial data via a mobile phone while 36 per cent could access it through a home computer.

The biggest impact of attacks was in the time wasted, with 45 per cent citing downtime and 41 per cent inconvenience. Privacy breaches were cited by 16 per cent of those in the survey while 15 per cent suffered financial loss and 12 per cent lost data.

The survey found that 70 per cent of firms used internet security, while 18 per cent didn't and 12 per cent didn't know if they did. Data recovery scored lower, with just 31 per cent having systems in place to automatically back up data, 26 per cent were doing it manually once a day and 19 per cent weekly. Seven per cent said they never backed up data or didn't know.

Gorrie said Symantec's advice included keeping software up to date, getting employees involved and using "strong" passwords