Back to Aon Insights

Laying in wait: what on-farm cyber crime looks like

Many Kiwi farmers are significantly underprepared for the threats they face, explains Duncan Morrison, Cyber Risk Practice Leader, Aon New Zealand.


Cyber attacks make headlines when they take down global corporations or lock up major systems. But what you don’t often see in the news are the cyber crimes doing real damage in New Zealand – the small, everyday scams hitting farmers and rural SMEs. 

Like most small businesses, many farmers in New Zealand are significantly underprepared for the threats they face. 

Aon’s Global Risk Management Survey consistently ranks cyber attacks and data breaches among the top global risks for businesses. Despite high awareness, only a small proportion of organisations have quantified their cyber exposure, contributing to underinsurance and increased vulnerability. 

When it comes to SMEs, which make up 97% of businesses in New Zealand, only 7% feel prepared to respond to a cyber event and roughly 12% carry cyber insurance.
 

Everyday scams, not always sophisticated attacks


For the primary sector, where digital tools underpin traceability, compliance, financial management and animal health records, this is a huge risk. 

However, most cyber losses in rural New Zealand aren’t coming from sophisticated ransomware attacks. They come from simple, targeted scams exploiting everyday tools like email and online banking. 

Last year, MBIE reported that New Zealand businesses and individuals lost around $256 million to cyber crime, with authorised payment scams – where victims are tricked into paying criminals – responsible for the largest share. These incidents rarely reach the news, but for an SME, they can be financially devastating. 


A real-world example: Business email compromise


Here’s a real scenario I’m seeing more often: A farmer buys a $40,000 piece of equipment. Somewhere along the way – through either the farmer’s email or the supplier’s –  criminals get access. They sit quietly in the inbox, watching the back-and-forth. Then, right before payment is made, they jump in with a “new” invoice or updated bank details that look completely legitimate. 

The farmer pays the invoice, thinking nothing of it. The money goes straight into the attacker’s account and is gone within minutes. The supplier never receives the payment, and the farmer is left facing the worst outcome: a loss of thousands and nothing to show for it. 

No ransomware. No frozen screens. No obvious red flags. Just a simple email trick that results in a massive and unexpected loss.

Once you add the cost of IT forensics, legal advice and restoring lost data, even a basic business email compromise can run upwards of $30k. 

The impact goes beyond a loss of funds and the time it takes for finances to bounce back. Rebuilding lost or corrupted critical data, such as financial records, herd management and crop data or other farm‑critical information, is often unavoidable. Recreating years of records is slow, costly and stressful.

As most farmers don’t have an internal cyber specialist, many cyber insurers – including Aon’s partners – provide immediate access to specialist responders who triage, contain and help victims recover from cyber events. For SMEs and farmers, this support can be the difference between a short disruption and a prolonged crisis.


Simple habits to reduce cyber risk


• Enable multifactor authentication across all key systems, especially email.

• Use call-backs or dual authorisation for any new or changed supplier bank details.

• Maintain secure, regularly tested backups stored separately from the main devices. 

• Treat “urgent” payment requests with caution. 

• Use mailbox filtering and rules to detect anomalies. 

• Create a simple ‘if X, do Y‘ response playbook.

These are basic business protections that help to stop the majority of everyday cyber attacks. 


Vigilance is the new normal


New Zealand’s primary sector now relies on digital systems just as much as it does on the weather and market conditions. If we want to safeguard the backbone of our economy, we must be just as vigilant against the quiet, everyday cyber scams as we are against the high-profile attacks that make the news. 

In today’s world, protecting our farms from these hidden threats is as essential as preparing for a storm – because sometimes it’s the risks we don’t see coming that can do the most damage.
 

Talk to Duncan today to find out more about ensuring your agribusiness is cyber risk resilient


Link to the original article - FarmersWeekly


Related Articles

How Cyber Insurance Saved This Small Business
What is Cyber Insurance and Why Does Your Small Business Need it?
The True Consequences of Underinsurance of Your Business

© 2024 Aon plc

This website contains general information only and does not take into account your individual needs or financial situation. It is important to note that limits, excesses, terms and conditions and exclusions apply to the products and services outlined on this website. Please refer to the relevant policy documents for details of cover, the provision of which is subject to the insurer’s underwriting criteria that apply at the time. Please contact us if you have any questions.