Cybersecurity – The Human Cost of Inaction

Many Senior Execs expect people who have made them tens of thousands, hundreds of thousands, or even millions of dollars of profit in their ‘day job’ to also be IT experts, more specifically cybersecurity experts. That’s a big ask. 

They think that telling their staff not to click on a link is enough cybersecurity training when cybercrime is a multi-trillion dollar industry that exists, and constantly evolves, with the sole purpose to make money by exploiting people such as the CFO, the star sales person, or the GM or Admin Manager who have given their all and metaphorically sweated blood to make the business a success.  

According to a Forbes article published last year the total cost of damages incurred by cybercrime is expected to reach $10.5 trillion by the end of 2025. 

That means a lot of super-smart people are being exploited every single day. 

One false click on a bad day or when they are distracted for a few seconds and their world can come crashing down. They have potentially just put themselves in a position where they will lose their job because their actions have cost the business thousands, or potentially millions, of dollars. 

Even if they don’t lose their job because it’s recognised as a legitimate mistake, they are still dragged over the coals, they feel violated and sick to their stomachs. Their mental health is massively affected because they feel they have let everyone down. In the worst case scenario, they might still lose their job anyway, along with everyone else because the business can’t recover from either the significant loss of money or huge reputational damage that can result from a successful cyber-attack. 

The stupid thing is the risk of this happening can be massively mitigated by putting the right tools and practices in place. So many businesses, big and small, think it won’t happen to them, but successful attacks are happening to businesses just like these thousands of times a day.   

Don’t believe me?  

Here’s some bedtime reading… 

Quarter One Cyber Security Insights 2025 | CERT NZ 

New Zealand is not immune. In Q1 2025, the NCSC responded to 1,369 cyber incidents, with 77 of national significance. Financial losses reached NZD $7.8 million, a 14.7% increase from Q4 2024. Phishing and credential harvesting incidents rose by 15% and the Phishing Disruption Service processed 5,916 indicators. 

Cybersecurity Stats: Facts And Figures You Should Know – Forbes Advisor 

This article highlights the surge in cyberattacks, with 343 million victims in 2023 and a 72% increase in data breaches since 2021. Email remains the top malware vector, causing significant financial losses. The cybersecurity workforce gap reached 4 million in 2023, emphasising the need for skilled professionals. 

Arctic Wolf 2025 Threat Report 

The 2025 Arctic Wolf Threat Report provides an in-depth analysis of the evolving cyber threat landscape. Here are some key highlights: 

Data Theft and Ransomware: The report emphasises a critical shift in cybercriminal behaviour, with data exfiltration becoming a norm. In 96% of ransomware cases analysed, data theft was involved, indicating that attackers are stealing data before encrypting it to maximise pressure on victims 

Top Cybersecurity Incidents: Three types of incidents dominate the landscape: ransomware (44%), business email compromise (BEC) (27%), and intrusions (24%). BEC is particularly prevalent in the finance and insurance sectors, accounting for 53% of cases in these industries 

Exploited Vulnerabilities: In 76% of intrusion cases, attackers exploited just 10 specific vulnerabilities, none of which were zero-days. This highlights the importance of proactive patch management to mitigate risks. 

So, what can you do to mitigate these constant threats? 

The first thing to do is get educated. There are some great Security Awareness Training tools out there that are designed to help you and your team identify and respond to various types of cyberattack. 

Alongside the education piece you need to work with your IT provider or internal IT team to ensure your technology stack has active defenses in place to repel a cyberattack.  Seriously consider deploying tools and practices such as managed detection and response (MDR), identity threat detection (ITDR), multi-factor authentication (MFA), device patching, password management, data loss prevention (DLP), and data backups. Together, these measures empower your team, protect sensitive data, reduce human error, and ensure business continuity while defending against a wide range of cyber threats and compliance risks. 

The other key thing to do is to align to an internationally recognised cybersecurity standard such as SMB1001. This benefits organisations and businesses by providing a robust and recognised framework for cybersecurity practices. It helps ensure compliance with industry standards, reduces the risk of cyber threats, and enhances customer trust. By following SMB1001, you will demonstrably implement effective security measures, protect sensitive data, and maintain business continuity. This alignment also demonstrates a commitment to safeguarding assets and can improve the company’s reputation in the market. 

The importance of proactively managing your cybersecurity posture cannot be overstated. The human cost of inaction is far reaching and significant, affecting not only the financial stability of your business but also the personal lives of the individuals in your team. By prioritising cybersecurity measures, you will not only protect sensitive data, you will also maintain customer trust and ensure business continuity. If you also align to a standard like SMB1001 you will have proved that you are working to a robust framework for implementing effective security practices, further demonstrating your commitment to protecting both your company and its stakeholders. The time to act is now, as the consequences of neglecting cybersecurity can be devastating. 

Find out more about cybersecurity and AI or have a chat with us to find out more.