By Paul Purcell
A quarter of New Zealand companies are not safeguarding their sensitive information, and have no plans to implement any cyber security despite a growing number of risks.
Another third don't have an overall security strategy, but intend to make it a priority for 2016.
The survey compiled by Pricewaterhouse Coopers illustrates that the heads of New Zealand companies are feeling less confident in their ability to safeguard sensitive information.
"Each day, whether or not they realise it, New Zealand organisations are suffering financial losses, operational disruption and reputational damage because of security incidents," PwC executive Adrian van Hest said.
"Organisations must invest the time to understand which assets are most important to them, and then focus resources on dynamically protecting them."
About four in five New Zealand companies were confident, or somewhat confident in their IT security in 2014 but that assurance has dropped by 18 per cent this year.
The drop in confidence may be a better reflection on how effective the measures taken to secure information at companies in New Zealand are, PwC said.
"The reason for this, at least anecdotally, is that some organisations say that no one has told them something is wrong so they choose to believe there is no issue," Mr van Hest said.
"Another reason is many organisations trust their suppliers and believe that they will simply do the right thing when needed despite the absence of or even the specific exclusion of security obligations from contractual agreements."
PwC said that cyber security is not just an IT issue, but it encapsulates the entire company.
"There is no magic bullet for effective cyber security. It's a journey towards a culture of security, not a solution in and of itself."