While New Zealanders have mostly picked up good passive behaviours, like not clicking on strange links in emails or deleting spam texts, they aren't taking enough proactive steps to be secure online, says new research from CERT NZ.

As New Zealanders do more online, the number of people experiencing cyber security incidents is also increasing.

For example, since 2019 New Zealander's online shopping and transactions activity has doubled, and so has the number of incidents reported to CERT NZ.

The research found that 62 per cent of New Zealanders have personally experienced a cyber threat - over a three-month period. Despite this, cyber threats only rank ninth - 21 per cent - in areas of concern and 70 per cent of New Zealanders feel confident in their level of cyber security.

CERT NZ Director Rob Pope says this doesn't mean that all New Zealanders don't care about cyber security and protecting themselves online.

'There are a number of barriers including awareness of what to do, how to do it and understanding why it's important to being secure online. Our research shows that some New Zealanders see the cyber security steps as complicated; and others aren't aware of the risks.”

'While only one in five people are concerned about general cyber security, that jumps to four in five when you ask specifically about the security of personal information online.”

While 70 per cent of Kiwi wouldn't share personal information with strangers online, over half the adult population has their social media accounts set to ‘friends-only' or ‘private' meaning anyone can view the information they share.

'We're not pointing the finger at people, in any way, but using the insights from this research is going to help us, and the wider online security industry, better reach New Zealanders and shift their cyber security behaviours in a positive direction," says Rob.

'Moving forward CERT NZ will be using this to guide our campaign messaging and help people understand the impacts of cyber incidents.”

New Zealanders' perception of cyber security

The media is the platform where most New Zealanders - 73 per cent - hear about cyber security incidents, however, these are often different to what they experience personally. Large scale incidents – ransomware, DDoS attacks and data breaches – on businesses and organisations receive more coverage but are very different to the lived experience of individuals – email, text message and phone scams.

Media reports are often accompanied by technology focussed imagery or ‘shadowy' stock images such as the infamous ‘hacker in a hoodie'-style photo, furthering the perception of being out of reach to most Kiwi.

'Cyber security is perceived as complex, intangible and inaccessible to everyday New Zealanders,” says Rob.

'We have an opportunity to change behaviours by making cyber security human and tangible with a positive message.”

Cyber Change: Behavioural insights for being secure online

The Cyber Change booklet has been created using the insights from the research. It offers behavioural nudges that organisations can use in their messaging on cyber security.

For more information go to www.cert.govt.nz