CFOtech New Zealand logo
Technology news for Kiwi CFOs and financial decision-makers
Partner content
Story image

Why is NZ lagging behind the world in cybersecurity?

By Jessie Chiang
Tue 21 Jun 2022

A recent report by the Technology Users Association of New Zealand (TUANZ) has revealed that we are ranked 56th in the world when it comes to cybersecurity. Why are we so far behind other countries, and what must be done for us to be better?

TUANZ is a 35-year-old independent organisation that represents the people who use technology. Its CEO, Craig Young, says they want Aotearoa to be in the top 10 digitally ready nations by 2030, which includes getting up to speed on cybersecurity.

The ranking is based on the international network readiness index by the Portulans Institute - and it's not looking good for New Zealand.

"This year's report is based on 2021 research and we've dropped down to 20th from 16th," he says.

Compare that to Australia, which only dropped to 13th from 12th, while Scandinavian countries and places like Singapore rank highly. Young says the index looks at a wide range of issues, including how a country uses and develops technology, how its people use it, and whether they are being trained.

As part of its Digital Priorities Report 2022, TUANZ also interviewed 23 senior business and government leaders in New Zealand, including Kiwirail, Spark, NZ Rugby and Auckland Council.

So, just how bad is the situation?

State of cybersecurity in NZ

In 2021, 8831 incidents were reported to CERT NZ, a 13% increase on 2020. The statistics show that 15% of the incidents reported to CERT NZ included direct financial loss, with a combined total value of $16.8 million.

A survey released by Kordia's Aura Information Security last December found that more than half (55%) of Kiwi businesses have been successfully targeted by a ransomware attack in 12 months. Young says New Zealand doesn't do well regarding things like secure internet service or the more technical issues.

"It's quite sobering to think that New Zealand ranks 56th in cybersecurity and I think there's a couple of reasons for that," he says.

"I think that New Zealand companies and organisations, felt safe and secure by being down the bottom of the world. For example, for COVID-19 we were able to close our borders, because we're an island down the bottom of the Pacific Ocean. We stopped planes coming and going, and people coming and going because of our physical location."

But Young points out that this kind of thinking doesn't cut it in the cyber world.

"We're only a few milliseconds from anywhere and we are heavily connected with the rest of the world. It only takes a couple of milliseconds for a message to come or leave New Zealand," he says.

Young says a reputation of not being overly strong in cybersecurity can also make Aotearoa an attractive choice for hackers to route their messaging or software. For example, if the hacker's originating country may come up as a red flag, routing it through New Zealand is less likely to cause concern. He says while New Zealand organisations might think they're big, they're quite small.

"Overseas players can just hammer them because they have the capacity to do so, they're built to take on the big guys and our organisations aren't that big," he says.

"We've sort of sat here in a feeling of security because we're a long way away, we're small, and we don't think we've got anything of value. Well, actually, we do. It's very quick to get here and that complacency has led us to be in a place of not being overly secure."

But high-profile cyber attacks in New Zealand like the NZX and the Waikato DHB have affected how companies view cybersecurity.

Kordia's survey found just under half of IT decision-makers say their businesses take cyber security more seriously as a result of these local attacks. In addition, it found 41% had more discussion around cyber security within their organisation, while 37% expanded their cyber security team or agency. The survey also revealed that 85% of IT decision-makers considered New Zealand equally or more at risk as the rest of the world when it came to cyber-attacks, up from just 67% in 2018. But Kordia's report also found that 42% of businesses admit not running crisis simulation exercises to assess their ability to respond to a cyber-attack.

And the game is changing. 

The growth of hybrid work, spurred on by the pandemic, is another security risk.

"If I work for a large corporate and I'm working from home, suddenly I've got a device here that's connected to the general internet, not just that it's connected to my internal network," says Young.

"I think a lot of the CIOs are struggling with trying to figure out how to raise the cyber skill sets or the cyber ability within their organisations for that space."

Upskilling staff and having a talent pipeline

Young says one of the most important areas New Zealand companies need to focus on is building cybersecurity skills in its staff. He says most successful attacks on organisations often come through phishing or one person. 

"With cyber security, you can have all the firewalls or the up-to-date software that you should have, but if somebody lets somebody in, you know, it's like letting someone in the front door, they're gonna get in and go for it," he says.

The TUANZ CEO says Aotearoa also needs cybersecurity experts and a talent pipeline.

The draft of the government's Digital Technologies Industry Transformation Plan was open for consultation earlier this year, and Young hopes the final plan will have a real drive towards getting not only younger people into cybersecurity but also retraining people. He says the skills required for those working in the cyber area differ from standard IT.

"The people that you want in that area aren't necessarily the same people that you've generally hired before. They aren't necessarily people who are good at running a network. What they're good at is breaking into a network or they're good at protecting a network because they know how to break it," he says.

"They're good at ferreting things out, or they're creative. I'm not saying you have to go out and hire a hacker. I'm just saying that people have slightly different skill sets than just the standard network provider."

In TUANZ's report, the organisation said its research shows there is not enough local talent in the tech industry to meet demand and the leaders it interviewed confirmed this perspective. Globally, there were 3.5 million cybersecurity jobs unfilled in 2021, and New Zealand was part of an international scramble attract talent.

In terms of cybersecurity as a government focus though, Young says it does have to raised up the pecking order. The Australian government recently announced the appointment of a dedicated Cybersecurity Minister, Clare O'Neil.

"We don't have a minister for cybersecurity. It's not really talked about," he says.

"There are some very good people in government doing some very good things like CERT NZ, but they aren't big, they are small, and they are targeted to specific things. The government itself has to do quite a lot of work on its own security because I mean, they hold huge swathes of data for New Zealanders."

There have been several different government initiatives. For example, at the end of 2020, it launched the Digital Boost programme, which targets small business owners and aims to help them get digitally ready. The training platform offers 500 video tutorials and Q&A sessions, daily live workshops with experts and live helpdesk support. In Budget 2022, the government also set aside funding for cybersecurity, including $30m for CERT NZ and $320m for updating data and digital infrastructure for health systems. It's also developing the Digital Strategy for Aotearoa, which will be released later this year.

Young says that will show the direction the government is taking when it comes to things like cybersecurity.

Automation plays a critical role

The TUANZ CEO says things like AI and machine learning are already a huge part of beefing up cybersecurity measures.

"The people who are doing the attacking, they're using those tools. They're using those tools to change things daily, you know, to or within the hour," he says.

"If they can't get in one way or another they'll change the messaging around. So you got to fight fire with fire in this situation."

Young says companies won't be able to keep up unless they have some form of automation. He points to the NZX example, where the stock exchange was bombarded with Denial-of-Service (DoS) attacks in 2020.

"Numbers were incomprehensible compared to what they would normally see. That's where your automation comes in because it continuously bats away these things," he says.

Young says in next year's report, he's hoping Aotearoa will be out of the 50s for cybersecurity and trending through the 40s. However, he acknowledges that some things take time.

"Certainly, it's one of those things that we're definitely going to be keeping an eye on and making some noise on during the year," he says.

Public Interest Journalism Fund logo
Public Interest Journalism funded through NZ On Air.
Related stories
Top stories
Story image
Commerce Commission
ComCom puts electronics sector on notice over resale price maintenance
The Commerce Commission has concluded an investigation into allegations that television manufacturers were engaging in illegal resale price maintenance.
Story image
Market growth
Salesforce unveils new offerings for consumer goods companies
Salesforce has announced new products for consumer goods companies to help brands navigate increasing market complexity more easily.
Story image
Government
Cyclone selected as NZ MOE software licensing partner
Following a recent Request for Proposal (RFP), Christchurch-based company Cyclone Computer Company Ltd (Cyclone) has been selected as The Ministry of Education’s software licensing partner.
Story image
Healthcare
Workday winning on culture and family focus
This family-first approach sees all employees receive access to family-wide private healthcare cover, as well as income protection and life insurance policies.
Story image
Tech job moves
Tech job moves - Boomi, Limepay, Thales, VMware & Zoom
We round up all job appointments from June 6-16, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Data analytics
Qlik releases new capabilities, underpinned by Snowflake integration
“We're seeing continued customer success and growth in demand to leverage Qlik and Snowflake together to advance cloud data analytics strategies."
Story image
Broadband
Most NZ broadband can deliver four HD Netflix streams at the same time
Measuring Broadband New Zealand's latest report shows 99% of Fibre 300, Fibre Max, and HFC Max plans can handle four simultaneous high-definition Netflix streams.
Story image
N4L
N4L, Spark, Chorus partner for Hyperfibre school upgrade
Networks for Learning (N4L) has partnered with Spark and Chorus to upgrade Wellington College to Hyperfibre, fostering stronger outcomes for students and teachers.
Story image
eInvoicing
Airwallex, Xero extend partnership with easier invoice payments
Airwallex has extended its long-term partnership with Xero by releasing a new payment link integration for Xero invoices that will make receiving them easier and faster for Australian businesses.
The Access Group
Struggling to understand which transformative technologies will help your business? The Access Group provides a look into key opportunities and impacts for finance.
Link image
Story image
Citrix
The best ways to attract young talent during labour shortages
New research from Citrix reveals hybrid working and ventures into the metaverse are top of mind for Gen Z workers.
The Access Group
Increasing headcount isn't always the best way to grow. A good financial strategy can help solve many issues, and The Access Group shares the secret to success.
Link image
Story image
Microsoft
Volpara, Microsoft project to detect cardiovascular issues
Volpara Health Technologies is working with Microsoft on a research and development project to speed up creating a product that detects and quantifies breast arterial calcifications (BACs).
Story image
Robotic Process Automation / RPA
Study shows prioritising IA can deliver better operational outcomes
A new Everest Group Pinnacle Model study, supported by SS&C Blue Prism, has found that businesses that use and develop solid automated practices tend to see better operational outcomes.
Story image
Cybersecurity
Why is NZ lagging behind the world in cybersecurity?
A recent report by TUANZ has revealed that we are ranked 56th in the world when it comes to cybersecurity - a look into why we're so behind and what needs to be done.
Story image
API
Industry-first comprehensive risk-based API security enhances protection
Application Programming Interfaces (APIs) have become a crucial part of operating web and mobile application businesses and are causing significant economic growth in the digital sector.
The Access Group
Health and social care organisations are currently under significant financial pressure. Find out how financial transformation can help provide an effective route forward.
Link image
Story image
Cloud
Chatbots gaining momentum in customer service space
Chatbots are gaining momentum in the customer service space, but a human touch still unbeatable, according to a new study.
Story image
Infrastructure
SolarWinds IT Trends Report highlights increased cloud complexity for businesses
SolarWinds' new IT Trends report has signalled a significant shift in the way businesses are dealing with hybrid cloud and infrastructure.
Story image
Open source
DataStax secures US$115 million to fund database expansion
DataStax has secured US$115 million in funding, which it will use to develop and expand its Astra DB multi-cloud database and Astra Streaming service globally.
Story image
Logitech
How technology can level the playing field in the hybrid era
As businesses across the globe continue to grapple with the aftershocks of the COVID-19 crisis, it’s become crystal clear that the hybrid work model is here to stay.
Story image
Appointments
Tech job moves - EOS, Rubrik, SAP, Talent, Verizon & Zoom
We round up all job appointments from June 2-8, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Training
Dell Technologies reveals growth of Student TechCrew in A/NZ
Dell Student TechCrew is an initiative designed to promote future career skills through Dell’s technical certification program and hands-on experience.
Story image
Open XR
Juniper Networks, Sumitomo Electric, Arrcus join Open XR forum
Building a robust multi-vendor ecosystem is essential to enable network operators to achieve increased network capabilities provided by XR optics technology.
Story image
Entelar
How TruSens air purifiers can create healthier workspaces
The pandemic has heightened our awareness of our own and others’ health, and made us all much more conscious of the environments we work in.
Story image
Robotic Process Automation / RPA
rapidMATION helps Coates achieve success with landmark RPA solution
A strong Robotic Process Automation solution (RPA) can help solve many complex issues that businesses face daily. 
Story image
SaaS
Sealord partners with Infor to improve sustainability
Sealord has chosen Infor as a strategic partner to implement an operational cloud-based platform that provides day-one functionality and sustainability gains.
Story image
Cloud
Cisco launches AppDynamics Cloud for greater performance
Cisco has launched AppDynamics Cloud, enabling the delivery of better digital experiences by correlating telemetry data from across any cloud environment at scale.
Story image
PagerDuty
Ready for anything with the PagerDuty Operations Cloud
In a world of digital everything, teams face increasing complexity. Ever-growing dependencies across systems and processes put customer and employee experience, not to mention revenue, at risk.
Story image
Artificial Intelligence
Finance is on a new footing to improve internal customer service
Finance functions and leaders have marked 2022 down as a year for process improvement, writes Servicely’s founder and CEO Dion Williams.
Story image
Digital Transformation
Apptio adds portfolio enhancements to promote digital strategy
"While digitalisation creates opportunities, it also makes budgeting far more complex, leading many companies to waste substantial funds."
Story image
Orbital Insight
Orbital Insight solution set to drive better data-driven decisions
The company says the new Site Intelligence solution will provide granular visibility, behaviour analytics and deep insights about customers and competitors at any location. 
Story image
Banking
Banks, PSPs prioritising payment modernisation to compete
A new report gives payment providers a forward-looking view of the evolution of payments and investment drivers for modernisation.
Story image
Employment
Majority of APAC CFOs concerned about rising wages
"In challenging times, CFOs look to determine how they can do things differently and as a result, new ideas about future growth emerge."
Story image
Digital Transformation
Govt IT spending on the rise, driven by XaaS - Gartner
Worldwide government IT spending is forecast to total $565.7 billion in 2022, an increase of 5% from 2021, according to Gartner.
Story image
Dark web
Cybercrime in Aotearoa: How does New Zealand law define it?
‘Cybercrime’ is a term we hear all the time, but what exactly is it, and how does New Zealand define it in legal terms?
Story image
Data
How a single mandate changed software development forever
There’s conjecture about exactly when it was issued and by whom, but a mandate made twenty years ago is continuing to shape the software development process today.
Story image
Cloud
TradeWindow using Nintex platform amid global expansion
TradeWindow is using Nintex Promapp to support its recent expansion and to prepare for ambitious international growth.
Story image
Remote Working
Globalization Partners to improve global talent hire
Globalization Partners says the global availability of its services will make it fast and simple for companies to hire and pay anyone, anywhere in the world.
Story image
Testing
Video: 10 Minute IT Jams - An update from Tricentis
Tricentis provides software testing automation, and software quality assurance products for enterprise software.
Story image
Collaboration
IT and security team collaboration crucial to data security
Many IT and security decision makers are not collaborating as effectively as possible to address growing cyber threats.
Story image
Manhattan Associates
New late-stage order cancellation to improve customer service
Manhattan Associates launches new service allowing orders to be cancelled up to the point of manifested/loaded status, preventing unwanted shipments and costly returns.
Story image
Cloud
Dynatrace named Leader in Gartner’s 2022 Magic Quadrant
Gartner has named Dynatrace a Leader in the 2022 Magic Quadrant for Application Performance Monitoring (APM) and Observability.
Story image
Hybrid workforce
Why hybrid working is here to stay and how to ace it
Citrix's new report reveals hybrid workers are more productive and engaged at work than their office and completely remote counterparts.