The Cyber Security Strategy 2026–2030 – Frontline Reality vs. Strategic Vision
The recently released New Zealand Cyber Security Strategy 2026–2030 and its accompanying Action Plan 2026–2027 set a vision for a New Zealand that “embraces cyber security to enable innovation, drive a prosperous economy and protect our digital way of life”. Our views on this strategy are based on 24 years of experience responding to cybercrime incidents in New Zealand, including time with the NZ Police, Big4 consulting, and as a specialist digital forensic incident response (DFIR) firm. The content of this new strategy reflects exactly what we are seeing when responding to incidents on the ground.
The Strategy’s data highlights the brutal reality for New Zealand businesses and individuals:
- Economic Impact: It is estimated that New Zealanders are losing more than $1.6 billion annually to cybercrime, primarily in the form of cyber-enabled fraud.
- Prevalence: In a survey of 295 large New Zealand businesses, 59% reported experiencing a cyber incident in the last year.
- National Significance: In 2025, 331 incidents were triaged for specialist technical support due to their potential national significance.
Objective 3: Respond and the Enforcement Gap
The Strategy’s third objective, Respond, focuses on reacting effectively and decisively to adverse incidents. Key immediate actions identified in the plan include:
- Single Reporting Point: Establishing a single point for cyber incident reporting to improve data quality and access to recovery advice.
- Legislative Powers: Updating legislative powers to enable security sector agencies to use cyber capabilities to advance national security interests.
- International Cooperation: Working with partners to maintain lawful access while protecting personal data and privacy.
Regarding these actions, we observe the following:
- We note that while the Strategy prioritises the detection and disruption of high-impact threats, the immediate Action Plan remains at a high policy level regarding the specific enforcement required for common commercial crimes.
- We encourage the NZ government to consider the biggest impact to the cybercrime economy in New Zealand right now: Business Email Compromise (BEC) money mules.
- We encourage the government in its Action Plan to prioritise local enforcement, followed by police prosecutions and suitable deterrents set out by the courts, as this is key to reducing the impact of these operations.
Addressing the Insider Threat
The Strategy provides clear definitions for the threats we face:
- Cyber Incident: An event, intentional or not, that causes adverse consequences to an ICT system or its data.
- Cybercrime: Crimes committed through the use of computer systems and directed at computer systems.
- Cyber-enabled Crime: Crimes assisted, facilitated, or escalated in scale by the use of technology, such as online scams and fraud.
Regarding the scope of these threats, we observe the following:
- We note that the theft of sensitive intellectual property (IP) is identified as a national security challenge, yet the current Action Plan lacks specific initiatives to help businesses manage this risk.
- We note that the profile of this risk is increasing, with numerous cases of IP theft currently before the Employment Relations Authority (ERA) and the Employment Court.
- We encourage the NZ government in its Action Plan to consider if enough is being done to address the Insider Threat.
- We encourage the government to ensure businesses have the legislative and practical support necessary to protect their proprietary data from internal risks, alongside external cyber threats.
The 2026–2030 Strategy provides a solid framework, but its success will be measured by the transition from high-level policy to tangible enforcement and the protection of New Zealand’s intellectual property and other at-risk assets.
About the Bulletin:
The NZ Incident Response Bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Also included are articles written by Incident Response Solutions, covering topical matters. Each article contains a brief summary and if possible, includes a linked reference on the web for detailed information. The purpose of this resource is to assist Executives in keeping up to date from a high-level perspective with a sample of the latest Forensic and Cyber Security news.
To subscribe or to submit a contribution for an upcoming Bulletin, please either visit https://incidentresponse.co.nz/bulletin or send an email to bulletin@incidentresponse.co.nz with the subject line either “Subscribe”, “Unsubscribe”, or if you think there is something worth reporting, “Contribution”, along with the Webpage or URL in the contents.
This Bulletin is prepared for general guidance and does not constitute formal advice. This information should not be relied on without obtaining specific formal advice. We do not make any representation as to the accuracy or completeness of the information contained within this Bulletin. Incident Response Solutions Limited does not accept any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, when relying on the information contained in this Bulletin or for any decision based on it.
