Author Andrew Steel Audit Partner
About author

I take a modern, collaborative approach to audit and assurance, providing high-quality service to clients across the greater Wellington region. As a registered Qualified Auditor and OAG (Office of the Auditor-General) Approved Auditor, I work with organisations across a range of sectors, delivering independent insights, benchmarking and practical support that adds real value.

A recent survey reveals that 53% of New Zealand’s small and medium-sized businesses have faced a cyber threat in the past six months, up from 36% last year. For business advisors, auditors, and accountants, this is a wake-up call. Cyber risk is no longer just a compliance issue; it’s a core business risk that needs to be embedded into financial planning, audit programmes, and client advisory conversations.

What the latest data shows

The National Cyber Security Centre (NCSC) report highlights a concerning trend, over half of SMEs are now affected by cyberattacks, with social engineering tactics like phishing emails, invoice fraud, and impersonation being the most common. These attacks target people, not just technology, and with the rise of AI, they’re becoming more sophisticated.

AI is supercharging cyber risks by enabling hyper-personalised phishing emails, realistic deepfake audio and video, and even automated large-scale attacks. Additionally, AI introduces critical risks to data integrity. Attackers can manipulate financial or operational data subtly, leading to flawed decision-making and poor business strategies. Protecting not just the confidentiality but the accuracy of your data has never been more important.

For more insights on AI-driven cyber threats, visit NCSC AI Risks.

Why this matters for your business

A cyberattack can have devastating financial implications, from fraud and ransom demands to diverted payments. Beyond that, it can damage your reputation, eroding trust with customers, suppliers, and partners. But with AI in the mix, the stakes are even higher. Imagine making critical decisions based on corrupted data; this could impact everything from financial modelling to customer insights.

This evolving threat landscape creates opportunities for accounting and advisory firms to step in with proactive services like cyber-risk assessments and internal controls reviews. The old belief that SMEs are “too small to target” is dangerously outdated.

What you should be doing

We believe cyber security should be integrated into your business strategy. It’s no longer optional; it’s essential.
Here’s how you can start:

  • Add cyber risk to reviews: during annual business reviews and audit planning, include cyber risk as a priority alongside financial metrics like cash flow.
  • Focus on people, processes, and technology: train staff to identify AI-driven phishing tactics, implement strong internal controls, and establish a clear incident response plan.
  • Assess data integrity risks: evaluate whether your systems are designed to detect and prevent data manipulation. Ensure your insights are reliable for decision-making.

Short-term steps for your business

You can take immediate steps to boost resilience. These can also be packaged as part of our advisory services:

  • Enable multi-factor authentication (MFA/2FA) on all key systems, especially email and finance tools.
  • Strengthen processes for verifying payment details changes—never rely on email alone.
  • Regularly back up your data and test that backups can be restored without corruption.
  • Monitor data accuracy: Regularly audit your data to detect any subtle signs of manipulation.

A focused “cyber hygiene” checklist can help link these steps to business continuity, showing the real cost of disruption.

How we can help you

At Moore Markhams, we’re committed to helping businesses thrive, including protecting against emerging threats like cyberattacks and internal fraud. Our team offers the expertise you need to build resilience.

Audit and Assurance: we’ll review your control environment, assessing risks like data integrity and fraud. From segregation of duties to testing financial controls, we’ll provide an independent view of your protections.

Business Advisory: we work with you to create actionable strategies to combat cyber threats and safeguard data. This includes designing processes like “maker–checker” approvals and training your team to identify warning signs.

Forensic and Fraud Detection: if an incident occurs, we’ll investigate, trace fraudulent actions, and help implement remediation. We can also set up ongoing fraud detection measures, giving you long-term peace of mind.

Business risk management must address both cyber threats and data integrity risks. If you’d like independent advice or a partner to strengthen your defences, let’s kōrero. Together, we can ensure your business is better protected and poised for confident growth.

For more information on AI and its risks to data security, read NCSC’s Guide on Data Integrity or talk to your Moore Markhams representative today.