Published: 2 March 2026
Cyber Risk: What every Kiwi business needs to know
Insights from Rothbury’s cyber resilience session in Queenstown (Oct. 25), plus fresh SME claims trends - Emergence, Cyber claims data report 2025
Cyberattacks are evolving rapidly - hitting faster, causing more disruption, and impacting Kiwi businesses of every size. During Cyber Awareness Month, Queenstown Branch Manager Jason Bodmin teamed up with Fraser Walker from Emergence Insurance to unpack what NZ organisations are facing today, and which practical steps make the biggest difference.
Their message was clear:
“Cyberattacks move fast - your response needs to be faster,” said Jason Bodmin during Rothbury’s cyber resilience session.
• Business Email Compromise (BEC) is commonly the highest-volume incident in SME data - think mailbox takeovers, invoice hijacks, and diverted payments.
• Ransomware is still the biggest cost driver, not because ransoms are always paid (they usually aren’t), but because of downtime and recovery: forensics, system rebuilds, data restoration, legal/notification, and crisis communications.
• Socially Engineered Theft (SET) persists due to process gaps (e.g. not verifying bank detail changes).
• Insider/privilege misuse continues to feature as a risk - a reminder that not every risk originates outside your walls.
• In recent observations, healthcare and professional services appear to be high-exposure sectors, with manufacturing also featuring.
“It’s business interruption that breaks businesses - not just the ransom,” said Jason.
✔ Start with basic protections - Multifactor authentication (MFA), secure and tested backups, and ongoing staff training remain commonly identified as highly effective first-line defences.
✔ Keep records of your cyber practices - Documented processes (backups, patching, MFA rollout, incident response) help with underwriting, claims acceptance, and renewal approvals.
✔ Use insurance strategically - Ensure cover not only for technical recovery, but also loss of turnover, legal costs, privacy/notification obligations, and reputation management, especially where client data and contracts are involved.
Business interruption is often the biggest financial impact after a cyber incident – not the ransom itself. When choosing your limit and indemnity period, consider how long it would realistically take to rebuild systems, restore data, notify customers and recover delayed projects. Many SMEs have limited cash reserves, so choosing settings that bridge that gap is important.
• Enable MFA everywhere (email, VPN, remote access, admin accounts).
• Maintain offline/immutable backups and test your restores quarterly.
• Train staff regularly on phishing, payment change verification, and emerging risks such as deepfakes.
• Implement callback controls and dual approval on large or sensitive payments.
• Review your cyber policy for: Business email compromise/social engineered threat, cyber extortion, event response, regulatory/notification, and business interruption with a realistic indemnity period.
Today’s attacks can move fast, spread widely, and disrupt revenue for longer. The businesses that recover strongest combine effective controls (MFA, backups, training), clear documentation, and fit-for-purpose cyber insurance that provides rapid expert support. Cyber exposure isn’t only from attackers targeting your systems; it can arise through clients, suppliers or partners. Strong cyber resilience considers how your business interacts with others, and insurance can help address the risks they may pose to you as well.
Keen to talk cyber resilience?
Speak with your local Rothbury broker - we’re here to help you strengthen your cyber risk posture and check that your cover keeps pace with today’s threats.
This guide provides general information only and does not constitute financial or legal advice. Please consult your broker or professional advisor for guidance specific to your business.