A shocking new report showing a dangerous rise in cyber incidents should be a wake-up call to businesses and organisations of every shape and size to prepare for when – not if – they are targeted in a cyber attack, crisis communications specialist, Jacky James, says.
The National Cyber Security Centre’s (NCSC) latest quarterly Cyber Security Insights reveal there were three “highly significant” C2 incidents in just the first three months of this year – the first C2 incidents to occur in Aotearoa New Zealand since the 2021/22 financial year.
A C2 category incident affects sensitive data and/or causes disruption to New Zealand organisations of national significance.
The report shows the NCSC responded to 1164 incidents between January and March, with direct financial losses of $5.6 million – a 76 per cent increase on the previous quarter.
“Incidents like these can negatively impact hundreds of thousands of New Zealanders, cost businesses significant amounts of money, and cause immense damage to trust and reputation,” says James, Managing Director of First Response – a specialist cyber communications company.
“Most organisations have security defences and a technical plan in place to respond to a cyber incident. Far fewer are equipped to communicate with customers and deal with the reputation fallout, which can last far longer than the initial incident.”
“You can have the best technical response in the world, but if your community, customers, and stakeholders don’t hear from you at the right time, with the right information, speculation and uncertainty will fill the silence, and trust is impacted almost instantly.”
James says today’s rapidly evolving, highly tech-enabled world means cyber crises move faster, are more visible, and the public conversation can be harder to control.
“Misinformation can spread quickly – especially if there is an information vacuum – and confusion quickly follows.
“As security experts will tell you, there is risk to providing too much information publicly, as it can compromise the technical recovery. But that doesn’t mean you should stop talking altogether – you can always say something to reassure those who matter.”
James says organisations need to have a simple, clear communications plan that is easily accessible in a crisis.
“Regardless of the cyber situation, the key communication principles will always be the same – be consistent, clear, credible and human.
“If you have email, rely on IT systems to support your business, and/or manage a database, your organisation is at risk. When a cyber crisis hits, how you communicate with your community matters as much as the breach itself.
“Cyber security and AI-related crises are no longer a question of if, but when. The time to build the reputational firewall is now, not in the middle of an incident.”
Ends
First Response is developed and delivered by The Shine Collective – experts in crisis and issues management and wider strategic communications. The team has more than 25 years of frontline experience and expertise supporting organisations through complex, high‑pressure situations.
Contact: Jacky James, Managing Director, 021 577 871 – jacky@shinecollective.co.nz