The largely unregulated state of cybersecurity in New Zealand and the resulting ambivalence for most local businesses threatens to hurt the country’s global business prospects.

Author of the book ‘She’ll Be Right (Not!) – a cybersecurity guide for Kiwi business holders – SME cybersecurity expert Daniel Watson said that apart from privacy law, there are very few computer security regulations in New Zealand. However, foreign markets like the United States and Europe have strict legislation in place to protect the public and businesses from international cybercriminals.

“Anyone can call themselves a cybersecurity expert in New Zealand, and many do, but selling antivirus software isn’t even the tip of the iceberg when it comes to protecting your data. , your assets and your intellectual property.

“Critical security controls, anti-malware, security awareness, authentication protocols and best practice processes to handle unintentional data breaches are a whole different level of control than most SMBs New Zealanders, in particular, just don’t.”

Watson, who locally helps businesses comply with GDPR legislation in the European Union and NIST in the United States, among others, said international businesses are increasingly requiring local businesses to comply with relevant international standards.

“Not only do they expect you to be compliant with standards like GDPR, but they also expect you to be able to prove it, and I’m afraid many New Zealand businesses, because it there is no local pressure, only the pants are taken down.

“It’s not difficult. Globally, there are standards like ISO27001 that will help ensure that New Zealand businesses will comply with most if not all overseas cybersecurity regulations and a set of increasing number of cybersecurity assurance compliance requirements. ISO is holistic and neutral.”

Faced with demands for greater compliance from their insurer, Watson said a local company had dropped cybersecurity insurance altogether.

“Which is just crazy considering that cyberattacks grew by 31% in 2020-2021 alone and are projected to cost the world over $10.5 trillion by 2025.”

Watson urged local New Zealand businesses to take the following steps to protect their customer data, their business and their markets:

1. Descending

IT security must become a top-down responsibility. The board, board chair, CEOs, and owner-managers should take personal responsibility for their cybersecurity rather than outsourcing or delegating responsibility.

2. Cybersecurity insurance

Make sure your business has cybersecurity insurance to protect against attacks and ensure compliance.

3. Pass ISO27001

The lack of proper cybersecurity legislation in New Zealand can be addressed by adopting the ISO27001 standard as it is agnostic and globally recognized.

“We need the government to start monitoring the ownership of this issue and better communicate the serious risk that cybercrime poses to the New Zealand public and local businesses,” Watson said.

For more information visit:

© Scoop Media


Value of EQ in the digital transformation journey


Here are the 25 most dangerous software bugs you need to worry about

Check Also