“We’re Too Small to Be a Target” — The Dangerous Myth Putting Kiwi Businesses at Risk

Introduction:

“We’re just a small business in New Zealand — no one would be interested in our data.”

This phrase might sound familiar. For many small and medium-sized Kiwi businesses, this belief has been a justification to delay or completely forgo investing in proper cybersecurity. But in today’s digital landscape, this mindset can be more harmful than helpful.

Why Cybercriminals Do Care About Small NZ Businesses

In reality, small businesses are more likely to be targeted — not less. Here’s why:

Low-hanging fruit: Cybercriminals know that SMBs often lack the robust security frameworks of larger enterprises. This makes them easier to exploit.

Automation doesn’t discriminate: Attackers use automated tools to scan the internet for vulnerabilities. These tools don’t care if your business has five employees or five hundred — if there’s a weakness, it will be found.

Data is data: Even if you think your business holds nothing of value, your customer information, email credentials, payment records, and internal systems can all be monetised on the dark web or used in further attacks.

Gateway to larger networks: Sometimes, small businesses serve larger corporations. Hackers might target an SMB as a stepping stone to access bigger fish via supply chain compromise.

Real Consequences in a Local Context

Cyber attacks don’t just happen overseas — they’re happening here, in our own backyard. From phishing scams targeting local SMEs to ransomware incidents that shut down operations, the impact can be financially and reputationally devastating.

The National Cyber Security Centre’s (NCSC) latest Cyber Security Insights report shows that New Zealand organisations lost almost half a million dollars to cybercrime in the last three months of 2024.

Security Isn’t Just for the Big Guys

Implementing good IT security doesn’t have to break the bank. A layered approach can be both affordable and effective. Here are some key areas every NZ small business should address:

Email security & spam filtering

Multi-factor authentication (MFA)

Endpoint protection and monitoring

Regular software updates & patching

Off-site backups and disaster recovery planning

Cybersecurity awareness training for staff

Working with a Managed Services Provider (MSP)

Partnering with an MSP gives your business access to enterprise-grade security without needing in-house expertise. At CommArc, we help New Zealand businesses of all sizes navigate the complex world of cybersecurity with tailored, scalable solutions.

Final Thoughts:

Cybersecurity is no longer optional — even for small Kiwi businesses. If you’re online, you’re a potential target. But with the right defences and a proactive partner, you don’t have to be a victim.