Business leaders are not taking cybersecurity seriously enough, and this poses a significant risk to their companies\u2019 reputations, warns Dr Ryan Ko of the University of Waikato.\n\u201cCommunications is a much neglected aspect of responding to cybersecurity incidents,\u201d says Ko, speaking at a business forum in Hamilton, organised byHMC Communications.\n\u201cThe spread of information is so fast, and reputations are very hard to get back when lost,\u201d says Ko, who established New Zealand\u2019s first cybersecurity graduate programme and lab in 2012 and is director of the NZ Institute for Security and Crime Science. \nKo says that the size of cybercrime internationally was larger than drug trafficking, according to a Norton Cybercrime Report.\n\u201cIt was reported that, globally, cybercrime cost $388 billion which was larger than the cost of drug trafficking at $288 billion,\u201d says Ko, in a statement. \u201cEvery half-second a unique malware or virus is created somewhere in the world. Cybersecurity is a serious concern for companies, and New Zealand business leaders need to do more to protect their company and their customers.\u201d\nNo caption\nCybersecurity has to be the biggest concern for executives today. It has the potential to destroy consumer confidence in an organisation and also materially affect the financials of an organisation.Bradley de Souza\nKo says that there was a global trend with businesses and boards of directors being held liable for cybersecurity incidents. \u201cThe public perception is that businesses and boards should take responsibility for personal information, and that means cyber-attacks have legal implications for directors,\u201d says Ko. \u201cIt\u2019s not a matter of \u2018if\u2019 it will happen, but when, and directors may be facing liability.\u201d\nKo cited the example of Target, a well-known US discount retailer, who was affected by a cybersecurity attack in 2013. Hackers stole credit and debit card information from up to 40 million customers which revealed the company\u2019s weak cybersecurity measures and ended up costing the retailer millions of dollars.\nAnother case was the Wyndham Worldwide Corporation, a US hotel chain that was sued in 2012 for breaching customer\u2019s confidential information when credit card details were hacked and posted to a Russian website.\nKo says that New Zealand companies are at risk of cyberattack, and more than half \u2013 56 per cent \u2013 of New Zealand companies claimed to have a cyberattack at least once a year (in 2014). \nThe five top threats to New Zealand companies, identified by Ko and his research team, included ransomware, distribute denial of service (DDoS), social engineering, hijacking unpatched platforms and obsolete communications, cyber forces and weaponry.\n\u201cMany think it will not affect them, especially small to medium businesses, but they are not immune,\u201d says Ko.\nThe one area where management needs training has to be cyber security, says Bradley de Souza an internationally recognised CIO\/CTO\/COO who has specialised in change, transformation and recovery across industries around the world.\n\u201cWe are seeing an unprecedented level of security breaches across companies of all sizes and technology maturity.\u201d\nHe says companies are finding out about breaches too late and they are unable to gauge the size of the issue.\n\u201cThis has to be the biggest concern for executives today. It has the potential to destroy consumer confidence in an organisation and also materially affect the financials of an organisation.\u201d\nAs an example, the Paradise papers leak represents a treasure map of offshore banking and investment activity which can easily be targetted by criminals, he says.\n\u201cBreaches in this area are likely to go unreported due to their dubious legal status and lack of transparency. They present criminals with the perfect opportunity as the police authorities will most likely never be involved.\u201d\nNo caption\nSidebar: Is your organisation prepared for a cyberattack?\nTop things for business leaders to consider.\nWhat is your board of directors doing to address the risk of a cyberattack to your business or organisation?Have cybersecurity policies been reviewed (and do they even exist)?Are there policies around external contractors?Does the business or organisation have cyber insurance?Is there a chief information security officer in the company?What would you do in the event of a cyberattack, operationally and with your communications (internally and externally, including stakeholders and media)?No caption\nFollow Divina Paredes on Twitter:@divinap\nFollow CIO New Zealand on Twitter:@cio_nz\nSign up forCIO newsletters for regular updates on CIO news, views and events.\nJoin us on Facebook.