Gallagher is drawing attention to the growing significance of artificial intelligence (AI) in New Zealand’s cyber risk environment, with the insurance brokerage noting that AI is reshaping how businesses approach cyber security.
According to Gallagher cyber insurance specialist Callum Hyde, organisations are increasingly aware of the risks posed by AI-driven attacks, even as traditional threats remain prevalent. He recommends that businesses adopt a comprehensive approach to cyber security.
“Many attacks still succeed due to a lack of basic cyber hygiene,” he said. “AI simply amplifies what was already possible. Businesses need to remain vigilant and implement security measures like multi-factor authentication, encryption, and regular updates. Training staff and having a response plan are crucial, along with policies to guard against AI data breaches.”
Recent findings from Kordia’s 2025 Business Cyber Security Report showed that 28% of large New Zealand businesses are concerned about AI-generated cyber attacks, although only 6% of reported breaches have involved AI so far.
The report noted that while traditional attack methods continue to dominate, there is a noticeable increase in sophisticated phishing attempts that leverage AI technology.
Gallagher said AI tools, such as advanced language models, enable cybercriminals to quickly generate convincing scam messages in multiple languages.
This capability reduces the expertise required to launch and adapt social engineering campaigns, making it easier for attackers to impersonate trusted individuals or organisations and obtain sensitive information.
Despite the rise in AI-enabled threats, most cyber incidents still stem from established risks, including ransomware, insider threats, network outages, third-party vulnerabilities, and cloud service issues.
Phishing remains a leading concern for New Zealand businesses. In 2024, 59% of organisations experienced a cyber incident, with phishing responsible for 43% of these cases.
Earlier this year, a phone scam targeting law firms resulted in losses exceeding two million dollars.
Attackers impersonated a major New Zealand bank and convinced victims to provide remote access and authentication codes, believing they were securing their accounts.
Similar tactics have been observed internationally. For instance, Qantas recently experienced a data breach attributed to the “Scattered Spider” group, which has targeted financial and insurance sectors by manipulating individuals into granting system access.
Financial gain continues to drive many cyber attacks. Kordia’s research found that 14% of cyber incidents in New Zealand involved financial extortion, while 9% resulted in ransom payments or other financial demands.
Attackers often seek personal data, intellectual property, or commercially sensitive information.
Beazley’s 2025 Risk & Resilience report, based on a global survey of business leaders, found that 29% of executives now consider cyber risk their top concern, up from 26% in the previous year. This is the first increase in reported concern since 2021.
Despite this, 83% of respondents said they felt prepared to manage cyber threats, an increase from 74% last year.
