Cyber Risk Isn’t Just About Technology - It’s About People

We talk a lot about risk and how it shows up in the real world, and one example really stuck with us.

One of our team, Rexina, recently shared a video of her dad, Maurice. If you haven’t seen it, it’s worth a watch (thanks, Rex’s Dad).
Watch the video here.

A simple example, but one that will feel familiar to a lot of businesses.

He’s the kind of bloke you’ll recognise straight away. Practical, hands-on, has spent most of his life working on the tools rather than behind a desk.

But like a lot of people, that’s changed.

These days, he’s using a tablet for work. Checking emails, opening attachments, clicking through links to get the job done.

And if something comes through that looks legitimate, there’s a good chance he’ll click it.

Not because he’s careless.

Because he’s human.

And because more and more people are now expected to use technology as part of their day-to-day work, whether they’ve grown up with it or not.

That’s the reality many businesses are operating in.

Cyber risk isn’t just about systems or software. It’s about people, behaviour, and the small decisions made in the middle of a busy day.

And it’s exactly what scammers rely on.

 

What does this look like in a business?

For many New Zealand businesses, especially smaller teams, tradies, and family-run operations, it’s not hard to see how this plays out:

• Emails get opened quickly between jobs
• Links are clicked without much thought
• Invoices and attachments are trusted at face value
• Different people are accessing systems across phones, tablets, and laptops

No one is sitting there analysing every email for signs of a scam. And realistically, that’s not how most businesses operate.

 

So what can you actually do about it?

You can’t eliminate human behaviour, but you can reduce the risk.

A few simple steps can make a real difference:

• Pause before clicking
  If something feels even slightly off, it’s worth taking a second look, especially with unexpected emails asking for payments, logins, or urgent action.
• Use multi-factor authentication (MFA)
  One of the simplest and most effective ways to protect accounts, even if login details are compromised.
• Have a simple check process
  For example, confirming bank account changes or payment requests with a quick phone call.
• Keep systems up to date
  Updates exist for a reason, and often close off known vulnerabilities.
• Talk about it as a team
  A quick, practical conversation is often more useful than a long policy no one reads.

None of this needs to be complicated. It’s just about making it a bit harder for something to slip through.

 

Where insurance fits in

Even with good processes in place, things can still go wrong.

That’s where cyber insurance can help, not just with prevention, but with support if something does happen, whether that’s managing a breach, dealing with downtime, or getting the right help quickly.

At Dawson’s, we work with clients to make sure their cover reflects how their business actually operates day to day.

If you’re not sure where things sit, or just want a quick sense-check, we’re always happy to help.