CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023 

Reflecting on New Zealand’s cyber environment 

Cyber Security Strategy

Published by Tim Sewell, CEO, CyberCX New Zealand 30 May 2024


In front of more than a hundred customers, vendors and colleagues earlier this week CyberCX New Zealand passed an important milestone.

The formal opening of our new Auckland office at 131 Queen Street brings together more than 100 cyber security and cloud experts in one shared office space to deliver on our purpose of securing New Zealand communities.

The former home of Milne & Choyce – one of Auckland’s original and most famous department stores – once boasted the first escalators on Queen Street. Now, it’s equipped with some of the most advanced cyber security infrastructure in the country.


Reflecting on New Zealand’s cyber environment

Surrounded by colleagues and customers, our office opening gave me pause for thought about just how much the New Zealand cyber security industry has changed over time.

I reflected on this while listening to our global CEO John Paitaridis and the Honourable Simon Bridges, CEO of the Auckland Business Chamber and former leader of the National Party.

John outlined how, when we launched CyberCX in New Zealand, we set out to unify New Zealand’s leading cyber security talent, expertise and capability and to create the country’s first full-service cyber security operator.

Built on the heritage of leading NZ cyber security and cloud firms like Insomnia and Consegna, CyberCX New Zealand has grown into a network of 200 leading cyber security and cloud professionals across Auckland, Wellington and Christchurch. Together, we make up the largest end-to-end, pure play cyber firm in New Zealand.

Simon offered his view on how it’s almost impossible to have a conversation with a business leader in Auckland or a policymaker in Wellington about what keeps them up at night without hearing the words ‘cyber security’.

The reality is that the cyber landscape in New Zealand is changing at a rapid pace. At CyberCX New Zealand, we seek to reflect how the industry is changing as customers look for end-to-end specialists across all areas of cyber security and cloud.


Here are some of my reflections.


The environment is more complex than ever

When I started out in cyber security the main threats were hacktivists defacing websites and people breaking things while trying to figure out how they worked. To get a sense for how things have changed, in just one incident that CyberCX responded to last year an organisation lost around NZD$540,000 to a single business email compromise (BEC) attack.

From financially motivated criminal groups to nation states and insider threats, the sophistication of threats increases year after year leaving organisations facing an increasingly complex web of cyber risks.


An unstable world supports criminal activity, and cyber crime is incredibly profitable

Whether it’s Russia’s invasion of Ukraine or an increasingly assertive China in our own Pacific region, the global geopolitical landscape is deteriorating. We might like to think we’re too far away or too small to be in the crosshairs, but New Zealand is not immune from these risks. We’re a highly digitalised, wealthy economy, which makes us an attractive and lucrative target.

We saw this in March when the New Zealand Government called out a state-sponsored actor linked to China for malicious cyber activity targeting our Parliament in 2021. Meanwhile, the most common threat actor motivation for incidents CyberCX responded to across the ANZ region last year was financial.


Data breaches have real world impacts for New Zealanders

Data breaches and the theft of sensitive, personal information are now commonplace in New Zealand. Millions of Kiwis have had their personal information accessed or stolen in well publicised breaches of financial organisations, healthcare providers and media and entertainment companies in recent years.

But how does having your personal information stolen actually affect you? Criminals can take over your bank accounts and drain your funds, or they can take over your social media accounts and extort your connections. Criminals can also use your personal information to target you with scams that are increasingly hard to spot. And scams are on the rise. Recent research from Bank of New Zealand showed that nine out of ten Kiwis were targeted by a scam in the past year – up 13 per cent in a year.


New Zealand’s economic downturn poses new cyber risks

The state of New Zealand’s economy and unemployment continues to dominate news headlines. But one risk that flies under the radar is the impact this can have on an organisation’s IT and security budgets.

Whether it’s the risk of an insider threat as organisations cut jobs or shrewd criminals anticipating budget cuts or delays to IT programs, companies need to be alert to the elevated cyber risks economic downturns bring.

The bottom line is this: recession or not, businesses need to continue embracing the opportunities of the digital age, but they need to do so securely to ensure business confidence and customer trust is maintained.


Globally, B2B customer expectations are changing

The United States, the United Kingdom, and Australia – three of our most important trading partners and defence allies – have all advanced their cyber security regulatory regimes in recent years. All three have launched ambitious, forward-leaning cyber security strategies since 2022.

For New Zealand businesses this poses a growing challenge. Our businesses are now dealing with customers in these markets who – in line with heightened regulatory regimes – have elevated their expectations around cyber security, data protection, privacy and other technology standards.

Just look at Australia, where the 2022 Privacy Legislation Amendment Bill increased the penalties for serious or repeated privacy breaches to whichever is greater: $50 million, three times the benefit obtained through the misuse of information or 30 per cent of a company’s adjusted turnover in the relevant period. In the European Union, penalties for breaches of GDPR are €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. Last year, Meta was fined €1.2 billion in a single ruling.

This means that Kiwi businesses risk falling behind and being at a competitive disadvantage if our own regimes stay out of step. Recent reports indicate the government is working on a new cyber security strategy and our own critical infrastructure reforms, presenting a welcome opportunity to close these gaps.



All of this underscores the importance of what we are doing at CyberCX New Zealand – customers are looking to us to help manage complexity and risk, improve their resilience and protect them from cyber attacks. Against the backdrop of this changing cyber landscape, customers increasingly want end-to-end cyber solutions and a broad set of expertise in one place.

With New Zealand’s best cyber security and cloud professionals, that’s exactly what we strive to provide at CyberCX.

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.