New Zealand Computer Crime & Security Survey

The New Zealand Computer Crime and Security Survey is an annual piece of research carried out by the Security Research Group (SRG) of the University of Otago, in partnership with the New Zealand Internet Task Force, New Zealand Police and the Computer Security Institute (CSI). InternetNZ contributed funding to the 2010 survey, which was based on the responses of 176 New Zealand computer security practitioners.

The survey covered a range of security themes including Conficker incidence, handling and cost; the frequency, nature and cost of cyber security breaches, security awareness and percentage of IT budgets spent on security. 

A PDF version of the survey is available below:
2010 NZ Computer Crime & Security Survey (PDF)

Key points from the 2010 Executive Summary
There was a marked reduction in incident numbers and costs per organisation since 2007.

Over 60% of NZ respondents use less than 5% of their IT budget on security, and investment continues to drop in all budget categories.

NZ organisations tend to outsource more security function, whereas those in the US are outsourcing less.

Industry Vendor IT Certification dropped 12% since 2007, Tertiary IT Qualifications rose 5%, and "No formal qualifications but > 5 years security experience", dropped from 51% in 2005 to 37% in 2010 suggesting the trend is toward tertiary qualifications to prepare people for ICT employment.

Almost half of the respondents thought their organisation needed to do more to ensure 3rd party contractors level of IT security qualification, training, experience or awareness.

At 46%, Generic External Threat (virus/malware) was by far the greatest perceived issue. 1 in 4 Mobile Device Security Measures respondents had "No security tools or procedures". By far the main vector was USB. Over half respondents had no USB incident protection in place.