New Zealand Businesses Hit by Cyberattacks: AI Phishing on the Rise

Post Views: 11

New Zealand Businesses Reel from Cyberattacks as AI-Driven Phishing Surges

A recent report by Kordia has revealed that nearly half of large New Zealand businesses fell victim to successful cyberattacks in the past 12 months, with a staggering 61% experiencing significant disruptions, including extortion in one-fifth of cases. The 10th annual Business Cyber Security Report paints a grim picture of the country’s cybersecurity landscape, where AI-powered phishing has become a dominant threat.

Cybercriminals Leveraging AI for Phishing Attacks

Cybercriminals are increasingly leveraging artificial intelligence to craft highly convincing phishing attacks that exploit human emotions at unprecedented speeds. These attacks often involve hyper-personalized voice, video, and deepfake content designed to prompt hasty actions, such as sharing sensitive credentials. The use of AI in phishing has led to a significant increase in click-through rates, with 54% of recipients falling prey to these scams, compared to 12% for traditional phishing attempts.

Rise in Phishing Volumes and Global Losses

The report cites Microsoft’s 2025 report, which notes a 1,200% increase in phishing volumes between 2022 and 2025. This translates to organizations facing phishing attacks every 39 seconds, resulting in daily global losses of $18 million. Furthermore, the use of biometric data, such as voice or facial recognition, has introduced new vulnerabilities, as this data can be easily compromised and used in multi-modal attacks.

Business Threats Vary by Size and Type

The report highlights that business threats vary by size and type. Smaller firms with 50-99 employees are most concerned about phishing and ransomware extortion, while mid-sized organizations with 100-200 employees worry about AI misuse and insider threats. Larger entities with over 200 employees prioritize DDoS disruptions and AI-generated threats, with half of leaders willing to pay ransoms, and 8% having already done so in the past year.

According to the report, one-third of victims took two months to recover from cyberattacks, casting doubt on their ability to withstand major hits. In response, New Zealand businesses are calling for tougher laws, government-backed awareness programs, and harsher penalties for cybercrime. They also demand mandatory breach reporting, similar to models adopted in the EU, UK, and Australia, which tie cyber resilience to director liability.

Combating Cyber Threats

To combat these threats, businesses are prioritizing employee training, detection software updates, and response coordination. However, 25% of organizations lack basic data security or incident response plans, leaving them vulnerable to attacks. Cyber insurance claims have increased to 17%, but premiums are soaring, forcing many businesses to absorb costs from data loss, fines, and supply chain disruptions.

Cyber Talent Gap

The World Economic Forum notes that only 14% of organizations have adequate cyber talent, with gaps increasing by 8% since 2024. Experts urge businesses to focus on reducing risks rather than relying on insurance, pausing under pressure, and verifying uncomfortable requests. The report warns that state and criminal actors are exploiting gaps in the cybersecurity landscape, where AI is increasingly blurring the lines of attack detection.