The government, businesses and the private sector are preparing and gearing up to tackle the increasing risks posed by cybercrime which has victimised many locals while some do not even realise these risks.

This is the gist of a four-day training programme currently underway in Rarotonga, a collaborative effort between WebSafe Samoa, Pacer Plus, and the Cook Islands’ Business Trade and Investment Board (BTIB). The programme addresses the urgency of cyber threats that are already impacting the Pacific region.

Assistant Minister responsible to the Prime Minister Sonny Williams shared alarming statistics on financial losses due to scams, noting that approximately $350,000 was defrauded from Cook Islands residents some five years ago.

He recounted a personal story of a man who lost $80,000 in personal savings to a scam, illustrating the emotional and financial toll of cybercrime on individuals.

“Cybersecurity crime has started,” he said, noting that cases of financial loss from cyber scams are already occurring.

He also highlighted the vulnerability of sensitive data across various sectors, including health and banking, warning that such information could be exploited if left unprotected.

“It might not seem important, but there's a lot of information about people that's contained in the health sector,” he said.

“People’s private health results are among all the things that are confidential. If you go to a hospital and ask for something, somebody's medical information, you won't get it because it's so confidential.

“And it can be used for something else, to bribe people and all that and now we see in the region, it's starting to come out to smaller countries like us.”

Jobenz Manoa, managing director of WebSafe Samoa, which is leading the training, explained that their goal is to raise awareness across different levels, from government to businesses, and out to  the community.

"The rapid speed of technology is moving forward," he said.

"We need to think about the negative side of technology, such  as cyber security crimes –things like scams that are harming our people."

Manoa added that WebSafe's presence in the Cook Islands, marking their first training outside Samoa, is part of an effort to address these issues regionally.

According to Manoa, one key focus is preparing organisations to respond to ransomware attacks, viruses, and other threats that could disrupt essential services.

He explained that a cyber incident could result in halted services, financial losses, and damaged reputations for businesses.

“It can halt businesses' services,” he said.

“When a business gets hit with a threat, like a ransomware threat, it can halt their business financial system… and of course, lead to closing of businesses.”

Williams pointed out that the Cook Islands has been largely spared from large-scale cyber attacks, like those seen in New Zealand, where health services were temporarily shut down.

However, he warned that complacency is not an option.

“We want protection in place before we can get a serious attack and also we hear about countries whose elections are being interfered with from outside.”

He added that there is a need for proactive measures in sectors like health, where confidential data is especially sensitive.

While the Cook Islands has some policy frameworks in place to address cybersecurity, Williams acknowledged that these are still in the early stages.

He sees this training as a stepping stone to incorporating cybersecurity planning into agency budgets and business strategies.

"It's a start," he said, emphasising the need to protect valuable financial and personal data across government, health, and education sectors.

The Cook Islands Cyber Security Policy 2024 has four main pillars including online harm and cybercrime, our government, our people, and critical national infrastructure.

For the government pillar, its targets and actions include: Develop guidelines for assessing cyber security risks in Government procurement and acquisition of technology and hardware: Enable Government‑wide purchasing decisions on secure and resilience technology: Integrate assessment of cyber security risks into security and disaster planning: Develop a cyber security emergency response plan, and more.