IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Partner content
Story image

Why is NZ lagging behind the world in cybersecurity?

By Jessie Chiang
Tue 21 Jun 2022

A recent report by the Technology Users Association of New Zealand (TUANZ) has revealed that we are ranked 56th in the world when it comes to cybersecurity. Why are we so far behind other countries, and what must be done for us to be better?

TUANZ is a 35-year-old independent organisation that represents the people who use technology. Its CEO, Craig Young, says they want Aotearoa to be in the top 10 digitally ready nations by 2030, which includes getting up to speed on cybersecurity.

The ranking is based on the international network readiness index by the Portulans Institute - and it's not looking good for New Zealand.

"This year's report is based on 2021 research and we've dropped down to 20th from 16th," he says.

Compare that to Australia, which only dropped to 13th from 12th, while Scandinavian countries and places like Singapore rank highly. Young says the index looks at a wide range of issues, including how a country uses and develops technology, how its people use it, and whether they are being trained.

As part of its Digital Priorities Report 2022, TUANZ also interviewed 23 senior business and government leaders in New Zealand, including Kiwirail, Spark, NZ Rugby and Auckland Council.

So, just how bad is the situation?

State of cybersecurity in NZ

In 2021, 8831 incidents were reported to CERT NZ, a 13% increase on 2020. The statistics show that 15% of the incidents reported to CERT NZ included direct financial loss, with a combined total value of $16.8 million.

A survey released by Kordia's Aura Information Security last December found that more than half (55%) of Kiwi businesses have been successfully targeted by a ransomware attack in 12 months. Young says New Zealand doesn't do well regarding things like secure internet service or the more technical issues.

"It's quite sobering to think that New Zealand ranks 56th in cybersecurity and I think there's a couple of reasons for that," he says.

"I think that New Zealand companies and organisations, felt safe and secure by being down the bottom of the world. For example, for COVID-19 we were able to close our borders, because we're an island down the bottom of the Pacific Ocean. We stopped planes coming and going, and people coming and going because of our physical location."

But Young points out that this kind of thinking doesn't cut it in the cyber world.

"We're only a few milliseconds from anywhere and we are heavily connected with the rest of the world. It only takes a couple of milliseconds for a message to come or leave New Zealand," he says.

Young says a reputation of not being overly strong in cybersecurity can also make Aotearoa an attractive choice for hackers to route their messaging or software. For example, if the hacker's originating country may come up as a red flag, routing it through New Zealand is less likely to cause concern. He says while New Zealand organisations might think they're big, they're quite small.

"Overseas players can just hammer them because they have the capacity to do so, they're built to take on the big guys and our organisations aren't that big," he says.

"We've sort of sat here in a feeling of security because we're a long way away, we're small, and we don't think we've got anything of value. Well, actually, we do. It's very quick to get here and that complacency has led us to be in a place of not being overly secure."

But high-profile cyber attacks in New Zealand like the NZX and the Waikato DHB have affected how companies view cybersecurity.

Kordia's survey found just under half of IT decision-makers say their businesses take cyber security more seriously as a result of these local attacks. In addition, it found 41% had more discussion around cyber security within their organisation, while 37% expanded their cyber security team or agency. The survey also revealed that 85% of IT decision-makers considered New Zealand equally or more at risk as the rest of the world when it came to cyber-attacks, up from just 67% in 2018. But Kordia's report also found that 42% of businesses admit not running crisis simulation exercises to assess their ability to respond to a cyber-attack.

And the game is changing. 

The growth of hybrid work, spurred on by the pandemic, is another security risk.

"If I work for a large corporate and I'm working from home, suddenly I've got a device here that's connected to the general internet, not just that it's connected to my internal network," says Young.

"I think a lot of the CIOs are struggling with trying to figure out how to raise the cyber skill sets or the cyber ability within their organisations for that space."

Upskilling staff and having a talent pipeline

Young says one of the most important areas New Zealand companies need to focus on is building cybersecurity skills in its staff. He says most successful attacks on organisations often come through phishing or one person. 

"With cyber security, you can have all the firewalls or the up-to-date software that you should have, but if somebody lets somebody in, you know, it's like letting someone in the front door, they're gonna get in and go for it," he says.

The TUANZ CEO says Aotearoa also needs cybersecurity experts and a talent pipeline.

The draft of the government's Digital Technologies Industry Transformation Plan was open for consultation earlier this year, and Young hopes the final plan will have a real drive towards getting not only younger people into cybersecurity but also retraining people. He says the skills required for those working in the cyber area differ from standard IT.

"The people that you want in that area aren't necessarily the same people that you've generally hired before. They aren't necessarily people who are good at running a network. What they're good at is breaking into a network or they're good at protecting a network because they know how to break it," he says.

"They're good at ferreting things out, or they're creative. I'm not saying you have to go out and hire a hacker. I'm just saying that people have slightly different skill sets than just the standard network provider."

In TUANZ's report, the organisation said its research shows there is not enough local talent in the tech industry to meet demand and the leaders it interviewed confirmed this perspective. Globally, there were 3.5 million cybersecurity jobs unfilled in 2021, and New Zealand was part of an international scramble attract talent.

In terms of cybersecurity as a government focus though, Young says it does have to raised up the pecking order. The Australian government recently announced the appointment of a dedicated Cybersecurity Minister, Clare O'Neil.

"We don't have a minister for cybersecurity. It's not really talked about," he says.

"There are some very good people in government doing some very good things like CERT NZ, but they aren't big, they are small, and they are targeted to specific things. The government itself has to do quite a lot of work on its own security because I mean, they hold huge swathes of data for New Zealanders."

There have been several different government initiatives. For example, at the end of 2020, it launched the Digital Boost programme, which targets small business owners and aims to help them get digitally ready. The training platform offers 500 video tutorials and Q&A sessions, daily live workshops with experts and live helpdesk support. In Budget 2022, the government also set aside funding for cybersecurity, including $30m for CERT NZ and $320m for updating data and digital infrastructure for health systems. It's also developing the Digital Strategy for Aotearoa, which will be released later this year.

Young says that will show the direction the government is taking when it comes to things like cybersecurity.

Automation plays a critical role

The TUANZ CEO says things like AI and machine learning are already a huge part of beefing up cybersecurity measures.

"The people who are doing the attacking, they're using those tools. They're using those tools to change things daily, you know, to or within the hour," he says.

"If they can't get in one way or another they'll change the messaging around. So you got to fight fire with fire in this situation."

Young says companies won't be able to keep up unless they have some form of automation. He points to the NZX example, where the stock exchange was bombarded with Denial-of-Service (DoS) attacks in 2020.

"Numbers were incomprehensible compared to what they would normally see. That's where your automation comes in because it continuously bats away these things," he says.

Young says in next year's report, he's hoping Aotearoa will be out of the 50s for cybersecurity and trending through the 40s. However, he acknowledges that some things take time.

"Certainly, it's one of those things that we're definitely going to be keeping an eye on and making some noise on during the year," he says.

Public Interest Journalism Fund logo
Public Interest Journalism funded through NZ On Air.
Related stories
Top stories
Story image
Amazon Web Services / AWS
Zscaler, AWS accelerate onramp to the cloud with zero trust
Zscaler has announced an extension to its relationship with Amazon Web Services, as well as innovations built on Zscaler's Zero Trust architecture.
Story image
Cybersecurity
Aqua Security, CIS create software supply chain security guide
Aqua Securityand the Center for Internet Security have together released the industry’s first formal guidelines for software supply chain security.
Story image
Cybersecurity
Threat actors ramp up their social engineering attacks
As people get better at identifying potential threats in their inbox, threat actors must evolve their methods. Their new M.O? Social engineering.
Story image
Commerce Commission
ComCom puts electronics sector on notice over resale price maintenance
The Commerce Commission has concluded an investigation into allegations that television manufacturers were engaging in illegal resale price maintenance.
Story image
Collaboration
IT and security team collaboration crucial to data security
Many IT and security decision makers are not collaborating as effectively as possible to address growing cyber threats.
Story image
Sustainability
Schneider Electric ups the ante on sustainability strategy
"We've made some progress but to avoid a major energy challenge, all data centres - including distributed edge data centres - must be more sustainable."
Story image
Apple
Jamf updates healthcare IT to protect data on Apple devices
Jamf has rolled out new functionality to help healthcare and IT teams protect patient data and streamline clinical access for their Apple fleet.
Story image
Infrastructure
VMware wins Google Cloud partner award for infrastructure modernisation
The cloud computing and virtualisation company was recognised for its achievements as part of the Google Cloud ecosystem.
Story image
Disaster Recovery
Eaton provides business continuity with disaster avoidance application
Many SMBs often struggle with problems relating to UPS and IT assets due to the sheer amount of time and resources required to run effectively. 
Story image
Tech job moves
Tech job moves - Boomi, Limepay, Thales, VMware & Zoom
We round up all job appointments from June 6-16, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Microsoft
Volpara, Microsoft project to detect cardiovascular issues
Volpara Health Technologies is working with Microsoft on a research and development project to speed up creating a product that detects and quantifies breast arterial calcifications (BACs).
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.
Story image
Testing
Video: 10 Minute IT Jams - An update from Tricentis
Tricentis provides software testing automation, and software quality assurance products for enterprise software.
Story image
Manufacturing
Sternum joins NXP, collaborates on IoT security and observability
Sternum has announced it has joined the software partner community of NXP Semiconductors, a manufacturer of and large marketplace for embedded controllers.
Story image
Government
Cyclone selected as NZ MOE software licensing partner
Following a recent Request for Proposal (RFP), Christchurch-based company Cyclone Computer Company Ltd (Cyclone) has been selected as The Ministry of Education’s software licensing partner.
Story image
Entelar
How TruSens air purifiers can create healthier workspaces
The pandemic has heightened our awareness of our own and others’ health, and made us all much more conscious of the environments we work in.
Story image
Ransomware
Rapid7 report examines use of double extortion ransomware attacks
New insight into how attackers think when carrying out cyber attacks, along with further analysis of the disclosure layer of double extortion ransomware attacks, has come to light.
Story image
Contact Centre
Customer service agents don't want to return to contact centres
A new report has revealed that 85% of customer service agents want to work full-time at home and not return to contact centre offices.
Story image
Digital Transformation
Cybersecurity priorities for digital leaders navigating digital transformation
In recent years, Asia-Pacific has especially been a hotspot for cyberattacks, and as we continue into 2022, it’s evident that the problem is becoming more significant.
Story image
Artificial Intelligence
Salesforce harnesses automated solutions with new developments
Salesforce has launched Sales Cloud Unlimited, a new feature to help accelerate productivity with AI and automation.
Story image
Cybersecurity
Significant security concerns resulting from open source software ubiquity
"The risk is real, and the industry must work closely together in order to move away from poor open source or software supply chain security practices."
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Rimini Street
Today we welcome back Daniel Benad, who is the GVP & regional GM for Oceania at Rimini Street.
Story image
Cybersecurity
Ingram Micro launches vendor-backed security program
Ingram Micro has unveiled a new program intended to give resellers the effective offerings their customers need to stay safe in the evolving threat landscape.
Story image
Network Security
Netskope announces zero trust network access updates
Customers can now apply zero trust principles across a range of hybrid work security needs, including SaaS, IaaS, private applications, and endpoint devices.
Story image
Secure access service edge / SASE
Cloudflare adds new capabilities to zero trust SASE platform
New features for Cloudflare One include email security protection, data loss prevention tools, cloud access security broker, and private network discovery.
Story image
Infrastructure
Lenovo announces launch of Retail Solutions portfolio in A/NZ
Lenovo has announced the launch of its Lenovo Retail Solutions portfolio across the A/NZ region, which they say will help retailers transform their business and face future retail demands.
Story image
Data
How a single mandate changed software development forever
There’s conjecture about exactly when it was issued and by whom, but a mandate made twenty years ago is continuing to shape the software development process today.
Story image
N4L
N4L, Spark, Chorus partner for Hyperfibre school upgrade
Networks for Learning (N4L) has partnered with Spark and Chorus to upgrade Wellington College to Hyperfibre, fostering stronger outcomes for students and teachers.
Story image
Orbital Insight
Orbital Insight solution set to drive better data-driven decisions
The company says the new Site Intelligence solution will provide granular visibility, behaviour analytics and deep insights about customers and competitors at any location. 
Story image
Digital Transformation
Apptio adds portfolio enhancements to promote digital strategy
"While digitalisation creates opportunities, it also makes budgeting far more complex, leading many companies to waste substantial funds."
Story image
INTERPOL
Hundreds arrested, millions seized in global INTERPOL investigation
A two-month-long investigation by INTERPOL this year involved 76 countries and clamped down on organised crime groups behind telecommunications and social engineering scams.
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
Story image
Healthcare
Workday winning on culture and family focus
This family-first approach sees all employees receive access to family-wide private healthcare cover, as well as income protection and life insurance policies.
Story image
Cloud
Cloudflare outage in 19 data centers worldwide due to own error
Cloudflare says its outage for 19 of its data centers yesterday was because of a change in a long-running project to increase resilience in its busiest locations.
Story image
eInvoicing
Airwallex, Xero extend partnership with easier invoice payments
Airwallex has extended its long-term partnership with Xero by releasing a new payment link integration for Xero invoices that will make receiving them easier and faster for Australian businesses.
Story image
Dark web
Cybercrime in Aotearoa: How does New Zealand law define it?
‘Cybercrime’ is a term we hear all the time, but what exactly is it, and how does New Zealand define it in legal terms?
Story image
Cybersecurity
Greater API usage raises concerns for protection - report
Radware has released its 2022 State of API Security report, which shows a rise in APIs, with 92% of the organisations surveyed significantly or somewhat increasing their usage.
Story image
Partnerships
Microsoft expands APAC Enabler Mentorship Program
"Mentors are the key to success for every professional. A good mentor is a coach, a guide, as well as a vocal advocate."
Story image
PagerDuty
Ready for anything with the PagerDuty Operations Cloud
In a world of digital everything, teams face increasing complexity. Ever-growing dependencies across systems and processes put customer and employee experience, not to mention revenue, at risk.
Story image
SaaS
Varonis strengthens security capabilities for AWS and S3
Varonis has strengthened and expanded its cloud and security capabilities, with a critical aim of improving safety and boosting data visibility in Amazon Simple Storage Service (S3).
Story image
Robotic Process Automation / RPA
rapidMATION helps Coates achieve success with landmark RPA solution
A strong Robotic Process Automation solution (RPA) can help solve many complex issues that businesses face daily. 
Story image
Citrix
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
Story image
Open source
DataStax secures US$115 million to fund database expansion
DataStax has secured US$115 million in funding, which it will use to develop and expand its Astra DB multi-cloud database and Astra Streaming service globally.
Story image
Cybersecurity
Why is NZ lagging behind the world in cybersecurity?
A recent report by TUANZ has revealed that we are ranked 56th in the world when it comes to cybersecurity - a look into why we're so behind and what needs to be done.