Image source: Dan Nelson
The New Zealand government has ramped up its fight against cybercrime with a new initiative aimed at strengthening the country’s cybersecurity infrastructure. Announced by the Minister for the Digital Economy and Communications, this strategic commitment highlights the urgent need to build national cyber resilience against escalating threats.
The initiative has an annual funding boost of $1.7 million over the next four years. For business leaders, this presents a crucial opportunity to enhance their cybersecurity posture and safeguard their operations, which will benefit their SMEs and the remote workforce.
According to Hon Paul Goldsmith, “In 2023, 11% of New Zealanders experienced fraud and cybercrime, leading to significant financial harm and emotional distress.
The Budapest Convention, known as the Council of Europe Convention on Cybercrime, is the only binding international treaty on this matter. It aligns the laws of member nations, enhancing collaboration in criminal investigations. This will enable our law enforcement agencies to better protect New Zealanders by providing them with the necessary tools to detect, investigate, and prosecute crimes, even in an online context.”
A More Dangerous Cyber Landscape
Cybercrime is on the rise in New Zealand, with over 8,000 incidents reported in 2022 alone, translating to approximately $20 million in financial losses. While recent data shows a slight dip in the overall number of attacks, their complexity and intensity have grown alarmingly.
According to a government report, almost half of all cyber incidents now target small and medium-sized enterprises (SMEs), often regarded as easier targets due to weaker security protocols. These attacks, ranging from ransomware and phishing to sophisticated data breaches, can devastate businesses financially and operationally.
Many SMEs are alarmingly unprepared, with a large proportion unaware of their vulnerabilities. All too often, cybersecurity has been sidelined as an afterthought or viewed as a luxury that cannot be afforded—until it’s too late.
According to the Sophos Report 2023, more than three-quarters of cyber incidents now target small and medium-sized enterprises (SMEs), with ransomware emerging as a particularly prevalent method of attack. This report highlights a staggering global increase of 38% in cyberattacks compared to the previous year, underscoring the urgent need for enhanced security measures within this sector.
Similarly, the Guardz Report reveals that 57% of SMEs have experienced a cybersecurity breach, with 31% reporting that their business had been specifically targeted in the past year. This analysis emphasises the critical necessity for better preparedness among SMEs, as many continue to underestimate their vulnerability to cyber threats.
What the Government’s Cybersecurity Initiative Means for SMEs
The recent funding increase is designed to offer vital, practical support to small and medium-sized enterprises (SMEs) in dire need of improved cybersecurity measures. Programmes such as “Own Your Online” will deliver free resources to assist businesses in assessing their cybersecurity risks and crafting effective strategies to address them.
These initiatives aim to close existing knowledge gaps and mitigate the high costs linked to post-attack recovery. In addition, the government’s plans to enhance the National Cyber Security Centre’s (NCSC) reach will allow more businesses to access technical guidance and best practices, alongside rapid response teams during cyber incidents.
The integration of CERT NZ into the NCSC is intended to create a more cohesive strategy for addressing these cyber threats, offering businesses a clearer point of contact during critical moments.
The Bill includes provisions to ensure our domestic laws comply with the requirements of the Convention. These provisions encompass:
- New ‘preservation directions’ in the Search and Surveillance Act, allowing law enforcement agencies to require companies to preserve records that may serve as evidence of criminal activity.
- Amendments to the Mutual Assistance in Criminal Matters Act, enhancing our ability to seek assistance from foreign countries in criminal investigations and to provide assistance in return.
- Minor amendments to the Crimes Act to ensure that offences related to cybercrime and the use of computers are comprehensive and fully align with the Convention.
Addressing Remote Work Vulnerabilities
As remote working becomes the norm due to the COVID-19 pandemic, it has brought about security challenges that businesses did not encounter before. Employees often connect via less secure home networks or personal devices, increasing the vulnerability of critical business data to interception or theft.
Internet Insights report, Approximately 61% of Kiwis are in jobs that can be performed remotely, with around 78% working remotely some or all of the time.
The government’s recent funding boost aims to support enhanced cybersecurity measures specifically designed for remote work environments. This initiative enables business leaders to secure remote endpoints such as laptops and mobile devices through the adoption of stronger encryption, multi-factor authentication, and improved VPNs.
Cybersecurity awareness among remote workers is a vital focus of the government’s latest initiative, which aims to provide targeted training resources. This effort ensures that employees working from home are equipped with the necessary knowledge to recognise phishing scams, unsafe downloads, and other common attack vectors.
The additional funding will empower businesses to establish clearer policies that extend security protocols beyond the physical office, enhancing overall cybersecurity resilience.
Why Proactive Cybersecurity is Critical
While improvements in cybersecurity are underway, many business leaders remain entrenched in reactive approaches. According to the National Cyber Security Centre (NCSC), 57% of small and medium-sized enterprises (SMEs) only enhance their cybersecurity measures after experiencing a breach.
This trend reveals a troubling dependence on reactionary strategies, leading to a cycle of financial and reputational damage before effective measures are put in place. The new influx of funding presents an opportunity to shift this mindset. Business leaders are encouraged to adopt a proactive stance, essential not only for avoiding disruptions but also for staying competitive in a rapidly digitising marketplace.
Those who fail to prioritise cybersecurity may encounter higher insurance costs, disrupted supply chains, and a tarnished brand reputation, particularly as New Zealand’s economy integrates more closely with global markets and the threat of international cyberattacks grows.
Long-term Implications for Kiwi Business Leaders
Beyond immediate protections, the government’s increased commitment sends a clear signal: cybersecurity is not just an IT issue but a core business strategy. This funding is about ensuring long-term resilience, safeguarding customer trust, and maintaining business continuity.
For SMEs and business leaders, investing in cybersecurity tools, training, and infrastructure today could prevent much more significant losses down the road.
According to the Cyber Security Support Program in Queensland, investing in cybersecurity can lead to significant long-term savings by decreasing the frequency and impact of cyberattacks, which helps minimise operational disruptions and financial losses.
Additionally, research by the Aberdeen Group in partnership with Wombat Security Technologies shows that organisations implementing comprehensive cybersecurity training programmes can reduce their risk of a data breach by as much as 70%.
This trend aligns with a prediction from Cybersecurity Ventures, which estimates that global cybersecurity spending will exceed £1 trillion from 2017 to 2021, reflecting an increasing awareness among businesses of the necessity for robust investment in security measures to protect against evolving threats.
As digital transformations accelerate and global cyber threats continue to evolve, business leaders in New Zealand will need to remain vigilant and adaptive. Government support is crucial, but businesses themselves must also take ownership of their cybersecurity posture.
For employees, particularly those working remotely, these new measures will provide greater peace of mind, knowing that their devices, networks, and sensitive data are protected from increasingly sophisticated cyber threats.
Conclusion
The government’s increased commitment to cybersecurity sends a powerful message, it is not merely an IT issue, but a fundamental component of business strategy. This funding aims to ensure long-term resilience, safeguard customer trust, and maintain business continuity.
For small and medium-sized enterprises (SMEs) and business leaders, investing in cybersecurity tools, training, and infrastructure today could avert far more significant losses in the future. As digital transformations accelerate and global cyber threats evolve, New Zealand’s business leaders must remain vigilant and adaptable.
While government support is vital, businesses must take ownership of their cybersecurity posture. For employees, especially those working remotely, these new measures will instill greater peace of mind, knowing their devices, networks, and sensitive data are better protected against increasingly sophisticated cyber threats.