AI cyber-attacks a key concern for Kiwi businesses

AI is increasingly seen as a double-edged sword in New Zealand’s cybersecurity landscape with growing concern about its misuse. 

Cybersecurity expert Kordia’s 2025 Business Cyber Security Report highlights business unease about the evolving capabilities of AI in the hands of cybercriminals. The report reveals that 28% of large New Zealand businesses are worried about AI-generated attacks, although only 6% of cyber breaches have involved AI. 

AI: reshaping the threat landscape

While traditional cyber-attack methods still prevail, more businesses are encountering sophisticated, AI-driven phishing attempts.  Phishing is a form of social engineering—a manipulation tactic where attackers trick people into revealing sensitive information, such as passwords or bank details, by impersonating a trusted individual or organisation.

Tools like ChatGPT make it possible to create convincing scam messages in seconds and across multiple languages, reducing the effort and expertise required by cybercriminals to develop and adapt social engineering campaigns. 

While AI is enhancing the complexity of attacks, threats such as ransomware, insider threats, network outages, third party vulnerabilities and cloud service issues still account for most cyber incidents.

Phishing remains a top threat

In 2024, 59% of businesses experienced cyber incidents, with phishing responsible for 43% of these.  

Earlier this year, over two million dollars was stolen in a phone scam targeting law firms where callers impersonated a major New Zealand bank. Those affected were misled into granting remote access to their computer systems or devices and disclosing authentication codes believing they were securing their accounts or reversing fraudulent transactions.

Cybercriminals have recently targeted Qantas, stealing a significant amount of customer data during a cyber-attack. The incident has all the hallmarks of an attack from the ‘Scattered Spider’ hacker group, which is targeting individual business sectors by tricking people into letting them into their systems. Most recently it has been known for attacks on the financial and insurance sectors.

Financial gain underpins many cyber-attacks

Financial gain remains a key motivator, driving attacks aimed at stealing personal information, intellectual property, and commercially sensitive data. Kordia’s survey found that one in six (14%) cyber incidents affecting New Zealand businesses involved financial extortion, while one in ten (9%) cyber incidents resulted in the victim paying a ransom or payment demand.

Reducing cyber security risk

Gallagher cyber insurance specialist Callum Hyde recommends businesses adopt an integrated approach to cybersecurity. 

“Many attacks still succeed due to a lack of basic cyber hygiene,” Callum says. “AI simply amplifies what was already possible. Businesses need to remain vigilant and implement security measures like multi-factor authentication, encryption, and regular updates. Training staff and having a response plan are crucial, along with policies to guard against AI data breaches.”

How we can help

At Gallagher, we help businesses navigate the evolving cyber risk landscape. Our brokers work closely with clients to assess their exposures and arrange cyber insurance to cover both their potential losses and their liability to others from a security breach. While a cyber insurance policy cannot prevent a security breach, it can assist a business to manage and recover if it experiences a cyber-attack. 

Speak to your Gallagher broker to ensure your business has the right cyber protection in place.