Blog

Our national response to cyber-crime is top-heavy

Cyber-crime continues to evolve rapidly, becoming more sophisticated and widespread, prompting the New Zealand government and several non-profit organisations to respond with enhanced policies, initiatives and guidance.

Government organisations and initiatives remain primarily focused on protecting our critical infrastructure and government agencies from threats and breaches, which ultimately keeps us all safer. Meanwhile, private non-profit organisations like NetSafe and various industry groups continue helping individuals and businesses navigate the digital threat landscape.

Whilst New Zealand has built a comprehensive ecosystem of organisations working towards strengthening our cyber resilience, this nation-wide response remains top-heavy, with significant gaps at the grassroots level that need addressing.

The current cyber-crime response includes:

• The National Cyber Policy Office, part of the Department of Prime Minister and Cabinet, continues overseeing cyber security strategy implementation. They operate Connect Smart, a digital protection resource fostering public-private sector partnerships.
• The National Cyber Security Centre (NCSC) within the GCSB, which has expanded its protective monitoring services and threat intelligence sharing capabilities significantly since its early days.
• New Zealand Police have strengthened their cybercrime capabilities, establishing specialised units focused on prevention, investigation and prosecution of digital crimes.
• The Department of Internal Affairs maintains electronic messaging compliance oversight, investigating spam complaints and operating reporting services to track fraudsters breaching New Zealand’s anti-spam legislation.
• The Government Chief Information Officer (GCIO) leads cross-government programmes providing clear expectations, guidance and tools supporting capability building in privacy and security across the public sector.
• NetSafe remains our primary not-for-profit organisation educating the public on cyber threats, monitoring current risks, and operating incident reporting facilities.
• Industry-specific cyber security forums and taskforces have emerged, bringing together organisations to collaborate on sector-specific security challenges.

Within our practice, we’re witnessing increasingly sophisticated ransomware attacks and social engineering campaigns targeting our clients. Whilst we have comprehensive security solutions protecting them, when breaches do occur, we observe the same criminal tactics being deployed across multiple organisations within similar sectors. These criminals continue operating successfully partly due to persistent cultural reluctance around reporting security incidents.

Rather than mandating breach reporting, we believe the focus should be on developing what cyber security experts describe as an “intrinsic desire to report and record incidents” within business communities.

Industry groups need to take greater leadership, pooling resources to develop sector-specific processes, education programmes, and best practice guidelines tailored to their unique risk profiles. Law firms, healthcare organisations, and government agencies each face distinct threats requiring targeted approaches.

The legal sector, for instance, remains a particularly attractive target due to the sensitive client information held. Recent analysis shows law firms experience 25% more cyber attacks than the average business, yet many still lack comprehensive incident response plans.

If your organisation needs support developing robust cyber security strategies or incident response capabilities, our team would welcome the opportunity to discuss your specific requirements.

Simon Falconer
Director, Resolve Technology
When he’s not finding a reason to buy the latest gadget, Simon is probably setting it up, breaking it, and fixing it again — all before breakfast.