Most businesses that come under a successful cyber attack are able to resolve the issue before significant damage is done.
Research from Aura Information Security found that 55 percent of New Zealand businesses have fallen victim to ransomware attacks in the last year.
But two out of three were able to sort it out before it caused serious issues.
Hilary Walton, chief information security officer at Aura's parent group Kordia, said cyber criminals were perfecting their methods but the threats were not new.
"Yes it seems that 67 percent [of businesses] are able to resolve breaches. However, I must admit that I was quite surprised by that number.
"What I think it does reflect is that we are seeing organisations put more layers of defence in and making sure that they are covering most of the basics," she said.
Walton said the other 33 percent of businesses that were not so lucky faced serious disruption as a result of attacks.
"Ransomware is a matter of when, not if, for New Zealand businesses," she said.
"Whether your business chooses to pay a ransom or not, these types of attacks have the potential to be very costly - when you factor in loss of productivity, revenue and reputation damage, you can quickly start to see how an attack can impact your bottom line."
Walton said the Privacy Commissioner did not recommend paying ransoms, but 64 percent of businesses would be willing to pay to regain access to their data.
She also added that working from home amplified the risk of attacks.
"As people work more and more from home and the attack surface increases, there are opportunities hackers have only scratched the surface of: home routers with out-of-date software and firmware, more sophisticated attacks on cloud services, social engineering via other people on the home - the list goes on," Walton said.
Walton said businesses needed to not only know how to defend against cyber attacks, but also know what to do afterwards.