Neglected software updates put Kiwi SMEs at cyber threat risk

Neglecting software updates is exposing small businesses in New Zealand to increased risk of cyberattacks and data breaches.

Patch management overlooked

Small and medium enterprises (SMEs) often deprioritise software patching, with daily operational demands pushing updates down the to-do list. According to Mark Gorrie, Managing Director APAC for Gen Digital, this delay creates serious security gaps, especially in third-party applications such as business apps, browsers, conferencing tools, and document readers.

Gorrie explains, “Neglecting software updates is leaving the doors of small and medium businesses wide open. Operating systems tend to be patched regularly, but it’s everyday third-party apps like business applications, browsers, conferencing tools, and document readers that pose the bigger risk. The majority of vulnerabilities, 86%, come from applications (National Vulnerability Database). Each delay in patching increases the risk of ransomware attacks, stolen data, costly recovery efforts, or even falling short of compliance requirements – and local SMBs are exposed.”

Research by the Ponemon Institute shows that 57% of data breaches are linked to inadequate patch management. The consequences for SMEs can include financial loss, legal penalties, and reputational damage.

Examples of breaches

Recent incidents underscore the threat. High-profile breaches involving Microsoft SharePoint have been reported worldwide. In New Zealand, the Mediaworks organisation lost control of its competition database due to a third-party platform vulnerability, and the Reserve Bank of New Zealand was compromised via a flaw in a file sharing service. Ticketmaster attributed loss of customer details to a breach in a customer support application. Gorrie notes that while such cases often involve larger organisations, small businesses face similar risks from outdated software and unpatched systems.

Gorrie says, “The recent Microsoft SharePoint breaches are a clear example. In New Zealand the Mediaworks lost control of its competition database due to a third-party platform and the Reserve Bank of New Zealand was breached thanks to a flaw in a file sharing service. Ticketmaster lost control of customer details and attributed the break to a customer support application, and the list goes on. These are the medium and large organisations that make the news, but the same vulnerabilities, even if not seen in print, are faced by small businesses too – outdated software, unpatched systems, and gaps in oversight. According to Ponemon Institute research, 57% of data breaches stem from poor patch management.”

Challenges for small businesses

Many SMEs lack dedicated IT staff, so managing software updates is often a manual, time-intensive process. This situation means patches for third-party software can be delayed or overlooked entirely, sometimes until a problem occurs.

Gorrie writes, “For many, software patching often sits on the ‘someday’ list. It’s considered important, and since there’s no dedicated IT employee, it’s constantly pushed aside by more urgent tasks. It’s easy to see why, patching is time-consuming, prone to disruption, and often overlooked until something goes wrong. But what’s often underestimated is the real risk of putting it off.”

Automated solutions

To address these risks and challenges, Gorrie highlights the role of automated patch management. He says that solutions can help SMEs by taking the manual work out of the process, reducing disruption to daily business operations and ensuring timely application of patches across devices and software.

“With Avast Business Patch Management, you don’t have to worry about tracking patches across multiple applications or deploying updates during peak business hours. The platform scans for vulnerabilities, tests patches, and automatically rolls them out, all from a central cloud-based dashboard.”

The approach, Gorrie contends, helps businesses by providing real-time visibility and control over their patch status. Automated systems can check for missing updates every 24 hours, efficiently distribute them across a network, and minimise network impact by scheduling deployments at convenient times.

He elaborates, “Businesses can expect time back because patch management removes the time-consuming burden patches cause. You can set flexible deployment schedules or let the system take care of it automatically with minimal network impact. That means less time checking for updates and fewer disruptions to daily operations.”

Reducing risks and aiding compliance

Managing software updates proactively can reduce exposure to cyber threats, such as ransomware and data theft, and support compliance with industry and data protection standards.

Gorrie notes, “Smart businesses understand that the technology reduces risk. By closing known vulnerabilities quickly, you reduce the likelihood of ransomware attacks, data theft, or software issues. The system supports thousands of patches, including widely used apps like Adobe Reader, Java, and Zoom, so you’re not just relying on Windows updates to keep your systems safe.”

Compliance is another benefit identified by Gorrie. “Owners know compliance is critical. Whether it’s meeting internal standards or aligning with industry or customer requirements, staying on top of patching helps you demonstrate that your business takes data protection seriously. The platform’s built-in reporting tools make it easy to track and show compliance progress too.”

Control and flexibility for SMEs

Automated patch management solutions, according to Gorrie, can be managed from a central dashboard, even allowing updates to be deployed to devices that are remote or not currently online. In the event of issues caused by a patch, the system allows businesses to roll back changes without needing IT intervention.

He states, “Patch Management means you don’t need an IT qualification to gain control and visibility. Everything runs through one dashboard, and you can patch devices even if they’re remote, asleep, or behind a firewall. And that’s a big advantage for hybrid teams or those with multiple sites. If a patch causes a problem, you can roll it back without waiting for an IT technician to step in.”

Patching as part of security

Gorrie describes patch management as an essential aspect of broader security strategies, offering an opportunity to enhance cyber resilience without significant resource investment.

He concludes, “Patching doesn’t have to be a painful, manual process. With the right tools, it can become a quiet but powerful layer of protection, running in the background while you focus on growing your business. Avast Business Patch Management is about making security easier, not harder, and giving small businesses the tools to stay safe without stretching your resources thin.”