Cyber Threats | CyberCover Team | 7 min read | 22 March 2026

Ransomware in New Zealand: The Rising Threat and How Insurance Helps

The Ransomware Threat to NZ Businesses

Ransomware attacks increased 50% globally in 2025, with New Zealand businesses among those targeted. Manufacturing and retail saw particularly sharp increases in both attack frequency and claim costs.

How Ransomware Attacks Work

Ransomware is malicious software that encrypts your business's files and systems, making them inaccessible. Attackers then demand a payment — typically in cryptocurrency — in exchange for the decryption key. Modern ransomware groups also steal data before encrypting it, threatening to publish it unless a second "confidentiality" payment is made (double extortion).

The most common entry points in NZ include: phishing emails with malicious attachments, compromised remote desktop protocol (RDP) connections, unpatched software vulnerabilities, and compromised third-party vendors with access to your systems.

The Real Cost of a Ransomware Attack

Many businesses focus on the ransom itself, but this is often the smallest component of total costs. A typical ransomware attack on an NZ SMB results in:

  • Ransom payment: $50,000–$500,000+ (though payment is not always recommended)
  • System restoration: 2–4 weeks of recovery work, often costing $20,000–$80,000
  • Business interruption: Revenue loss during downtime — potentially $5,000–$50,000/day
  • Forensic investigation: $15,000–$40,000 to determine cause and scope
  • Legal and notification costs: $10,000–$50,000 if customer data was compromised
  • PR and reputational costs: Variable but significant

Should You Pay the Ransom?

This is one of the most complex decisions businesses face during an attack. The answer depends on many factors: whether functional backups exist, the nature of the data stolen, legal implications of payment, and whether payment will actually result in data recovery. Paying also funds criminal enterprises and may not guarantee restoration. Cyber insurers have specialist negotiators who advise on this decision — never make the call alone.

How Cyber Insurance Responds to Ransomware

A comprehensive cyber insurance policy responds to ransomware by providing: immediate access to a 24/7 cyber incident response team, specialist ransomware negotiators, ransom payment funding (subject to legal guidance), system restoration and data recovery costs, cover for business interruption losses, and, if data was stolen, breach notification support.

Prevention: What Insurers Look For

Insurers are increasingly focused on your ransomware resilience. Key controls that reduce both your risk and your premiums include: multi-factor authentication (MFA) on all remote access and email, immutable offline backups tested regularly, prompt software patching, endpoint detection and response (EDR) tools, and a documented incident response plan.

About the Author

CyberCover Team — the CyberCover crew are self-confessed insurance geeks on a mission to make cyber cover simple, accessible and jargon-free for businesses of every size.

Ready to Get Protected?

Get tailored cyber insurance quotes from licensed NZ brokers. Free advice, no obligation.
