The Cyber attack that happened closer to home than expected
For many business owners, cyber attacks still feel like something that happens to “big companies” or organisations overseas.
The reality is very different.
Cyber breaches are becoming increasingly common across New Zealand, affecting businesses of all sizes - from professional services firms and tradies through to large corporates. And often, it starts with something as simple as a compromised email account.
Recently, a local business known to our team experienced this firsthand. Despite having strong IT systems and working closely with a professional IT provider, an employee’s work email account was hacked by a third party.
What happened next unfolded incredibly quickly.
Hundreds of emails sent within minutes
Initially, the hackers tested the compromised account by sending a small number of fraudulent emails to business contacts. These emails appeared legitimate and included invoice-style payment requests designed to trick recipients into transferring money.
As concerned contacts began replying to query the unusual emails, the business immediately engaged their IT provider to investigate. While remotely monitoring the account live, they watched in real time as hundreds of emails were rapidly created, sent, deleted, and removed from deleted folders. All within minutes.
Had the issue not been identified quickly, the consequences could have been significant.
Clients could have unknowingly transferred substantial sums of money to fraudulent bank accounts, and the breach may not have been discovered until much later.
The hidden impact of a cyber breach
While financial loss is often the first thing people associate with cyber attacks, the wider disruption to the business was significant.
The response process involved:
Contacting clients and business contacts immediately
Working through compliance and reporting obligations
Lodging the incident with the Privacy Commission
Resetting passwords and strengthening security settings
Upgrading email protections and systems
Managing the stress and operational disruption across the business
Even though the breach was identified quickly and no financial losses occurred, a considerable amount of time and resource went into managing the situation.
And importantly, this was a business that already had strong IT support and security measures in place.
Why Cyber Insurance matters
One of the key takeaways from the experience was the reassurance that came from having cyber insurance in place.
While many people think cyber insurance is simply about covering financial losses, it often provides access to specialist support teams who guide businesses through the response process during a highly stressful time.
In this case, the cyber insurer worked alongside the business and IT provider to help manage the incident, provide guidance on next steps, and support the business through the compliance and response process.
That expert support proved invaluable.
It’s not just big Businesses at risk
Cyber attacks are no longer isolated to major corporations.
Across New Zealand, businesses of all sizes are being targeted, including small local firms. In some cases, hacked email accounts have been used to send fake invoices requesting large payments from unsuspecting clients.
The methods are becoming more sophisticated, and unfortunately, even careful businesses with strong systems can still be vulnerable.
Is your business prepared?
If your business relies on:
Email communication
Online systems
Client information
Digital payments or invoicing
…then cyber risk is something worth reviewing.
Cyber insurance policies can vary significantly depending on the level of protection and support provided, and having the right cover in place can make a major difference if an incident occurs.
At The HTL Group we work with businesses to help identify the right level of cyber protection for their needs - providing support before, during, and after a claim.
