Cyber-attacks happen to businesses of any size, in every industry.

As our use of technology continues to evolve, so too does risk. Last year CERT NZ responded to over 6,000 cyber security incident reports from individuals and businesses all over New Zealand. 

In particular, online scams are on the rise, with CERT NZ reporting a 32% increase in scams and fraud reports in Q3 2023, with $4.7million in direct financial loss. Of those reports, 412 were scams involving buying, selling or donating goods – a 70% increase from 243 in Q2.

What are online scams?

An online scam is when someone attempts to deceive you into sharing your personal information, financial details, or money over the internet. A scam becomes fraud when the scammer uses your information for their own gain or receives money from you under false pretences.

Claire Haszard, Manager Northern Region - Financial & Professional Risks, says one of the most common claims under a cyber policy is fraudulent funds transfer. An example is when a ‘bad actor’ changes the bank account details on an invoice and the accounts department pays the invoice without verification.

“I haven’t seen a single claim in that space that couldn’t have been prevented had they had a robust verification process in place,” Claire says.

Other examples of online scams include using social media platforms, like Facebook Marketplace to arrange a purchase or sale, where the scammer convinces you to make payment or obtain goods from you without payment.

You’re not only at risk of financial loss or bad credit scores, but also reputational loss or operational impacts to your business should you fall victim to an online scam.

Protecting yourself or your business

Claire says that the first line of defence is awareness and vigilance. “It's often human oversight that is the weakest link which is causing these incidents to occur in the first place and with basic risk management they could have been avoided.”

She also says businesses should review their insurance policies to ensure they understand what they are and are not covered for. “People think if they have cyber insurance then it is going to cover any cyber-related claims, but there still has to be a policy trigger, typically being a breach of a system”, she explains.

“Cyber insurance, like any insurance policy, has limitations to what it can cover. It is absolutely important to have cover in place, but to also be aware of what those limitations are. If there are areas that the insurance policy can't or doesn't cover, then you can wrap around more risk management to further prevent losses occurring in that space”, says Claire.