By James Penn

In tumultuous international times, New Zealand's executives are more concerned about the impact of cyber crime than high-profile issues such as nuclear instability and "the Trump factor".

The threat is so significant some companies are even "attacking" themselves to identify weaknesses before hackers are able to do so.

Asked to rate 14 international issues on a scale of 1-10 in terms of impact on business confidence in New Zealand, respondents reflected mixed views: 10 of the 14 issues rate somewhere between 5 and 6.5 on average.


However, cyber crime sat head and shoulders above the rest with an average impact rating of 7.64; over a point above the next most impactful issue ("Trump factor", 6.47).

A managing director in the logistics sector argued cyber crime is "the biggest threat to business continuity that exists today."

Seventeen respondents indicated "extreme concern" about the issue, while a mere 5 of the 118 respondents registered anything less than "reasonable concern".

The results suggest a clear - and rapid - trend: in the 2015 survey, cyber crime rated 5.9; last year it became the top issue, at 7.16.

Warnings sounded by cyber security experts came to fruition earlier this year with the WannaCry ransomware attack penetrating the UK's National Health Service computers and locking down crucial patient data.

The attack spread rapidly, infecting over 100,000 computers within the first day. It hit the shores - or the networks - of some 99 different nations.

The ability to trace and punish the source of such attacks is becoming more challenging.

The WannaCry hackers demanded ransom payments in the form of Bitcoin, a cryptocurrency, making it impossible to know who the recipients of such funds were or to place a freeze on the fraudulently-obtained funds in the aftermath.

What are CEOs doing about it?

One managing director in the property sector, said their company is utilising a "planned attack" internally to "increase awareness" and demonstrate how easy it was to break down the digital environment of the company.

Some companies globally are now utilising a similar process, known as penetration testing. This involves hiring hackers - in some cases former cyber criminals - to launch an attack on the company's digital assets in a controlled environment.

This allows the company to identify and address vulnerabilities before an actual cyber criminal is able to.

Another managing director, in the financial services sector, suggested there is a need to "lift governance and executive awareness and capability", and considered cyber security to be the top issue facing the nation.

According to the managing director one of New Zealand's largest digital companies, Spark, cyber threats are "our new reality".

"The enemy outnumbers the good guys by 100 to 1," explains Simon Moutter. "All businesses need to be implementing best practice protection and management capability to defend against these threats."

Spark has built the largest cyber security operations centre in New Zealand in order to offer cyber security services to a broader range of companies.

The services generate around $40 million in revenue per year and Spark boasts roughly 130 cyber expert staff on its books.

"We can confidently say that we're the best at that in New Zealand today," says Moutter.

"And we're working hard to bring that capability to the mid market."

"At the moment, it's designed around large organisations, who have very specific needs; but the more we can create a service for a wider market, the better," he says.

Prevention is a big focus of investment for Kiwi executives: when asked if they were doing more to respond to the threat of cyber attacks, two thirds of respondents answered "yes, in a major way"; a further 30 per cent said they are doing more "in a modest way".

Just 3 per cent answered "not yet, but expecting to" - and not a single respondent answered "not at all".

Joanna Perry, a non-executive director on a number of boards, argued that mitigation is also important: "we need to all understand it exists and we will get caught; it's about mitigating the consequences."

The Herald's Mood of the Boardroom 2017 Election Survey attracted participation from 118 respondents. The results were debated this morning by shadow finance spokesman Grant Robertson and National's Finance Minister Steven Joyce.