New Zealand companies are over-reliant on basic cyber security measures and struggling to respond to an increasingly complex digital world, according to a survey.
Although more cyber attacks are coming from insiders and business partners, two-thirds of organisations still use basic penetrations tests as their primary control rather than developing a comprehensive strategy.
Penetrations tests identify weak points in a company's IT infrastructure so they can be addressed before a security breach.
The Global State of Information Security Survey 2017, the first part of which has been released by Pwc New Zealand, says local businesses are lagging in their cyber security spending compared with the rest of the world.
The proportion using managed security services is almost half that of Australia (44 per cent compared with 78 per cent).
At the same time, the origins of cyber attacks are becoming more diverse.
The study says respondents were twice as likely to report security breaches that originate from their business partners compared with last year (21 per cent compared with 10 per cent).
"Rather than trying to ring-fence their organisation, companies now have to develop a proactive security approach across their entire digital presence," PwC cyber practice leader Adrian van Hest said.
"That means holding suppliers accountable for breaches, addressing the risk from employees and treating customer data privacy as a competitive advantage."