Productivity gains from AI will stall unless New Zealand fixes its security foundations 

New Zealand businesses are under increasing pressure to lift productivity, operate more efficiently and meet growing digital expectations. Artificial intelligence is often presented as the quickest way to achieve this, promising to automate tasks, reduce manual effort and help teams get more done with the same resources. On the surface, it seems like the natural solution.

Yet the global numbers tell a different story. While many organisations have trialled tools such as ChatGPT and Copilot, and a significant number are now deploying them, but very few are seeing transformation at scale. Enterprises have invested between thirty and forty billion dollars in generative AI, and yet, only a small portion have reached full production. MIT refers to this gap between investment and impact as the GenAI Divide. 

The central issue is not the technology itself. It is the environment it is being introduced into.

AI is landing on top of already stressed systems

Across New Zealand, leaders are trying to modernise their organisations while managing cloud disruptions, tightening compliance expectations, long-running supply chain pressures and ongoing workforce shortages. Teams are already stretched. Into this context, AI is frequently adopted as a quick fix for productivity.

However, when new tools arrive in environments that lack visibility, cohesion or clear governance, the result is rarely efficiency. It often creates new gaps, which become new risks.

Shadow AI illustrates this clearly. Staff adopt AI tools to make their work easier, but they often do so without approval or oversight. This contributes to greater data sprawl, inconsistent workflows and new blind spots across systems that are already difficult to manage. In a region where organisations rely on a patchwork of legacy systems, cloud services and outsourced providers, this unmonitored use of AI adds even more complexity.

AI is speeding up familiar threats

AI’s role in cybercrime is also gaining growing attention and concern. While the underlying types of attacks that affect Australia and New Zealand have not changed, the speed and scale have. Ransomware, business email compromise and targeted phishing remain the most damaging threats. AI simply makes them easier, faster and more convincing.

Criminals can now personalise phishing emails, imitate voices and automate entire stages of an attack. These methods are becoming more polished, which is why more New Zealanders are being caught out. Netsafe’s latest State of Scams report estimates that New Zealanders lost around three billion dollars to scams this year, which is a significant increase on the year before. The financial loss is only one part of the picture. The real cost lies in the disruption that follows. Staff must restore systems, repeat affected work and rebuild trust with customers and partners.

New Zealand’s involvement in recent international efforts to disrupt large-scale visa and identity fraud, highlights how common these cross-border attacks have become. Criminals take advantage of the same weaknesses that challenge local organisations each day. These include overstretched teams, limited visibility and a tendency to move at speed in complex environments.

One of the clearest lessons from recent incidents across the region is that adding new tools rarely resolves these issues. In fact, it often makes it harder for people to do their jobs. Disconnected systems force staff to switch between platforms, alerts fall through gaps, and security teams struggle to identify weak signals in time to act on them.

Attackers understand these conditions. The most damaging threats today are designed to slip quietly between systems that do not talk to each other. When organisations respond by adding even more tools, the noise increases, and the pressure on staff grows.

For small teams with wide responsibilities, simplicity is now a strategic advantage. Fewer systems, better integrated, provide the clarity and speed required to reduce risk and support productivity gains.

Why New Zealand needs clarity, visibility and control

The rise of deepfake-enabled fraud, the escalation of AI-driven attacks and the persistent shortage of cyber skills mean there is very little room for error. Security teams need integrated tools, a clear line of sight across their networks and processes that are easy to act on in the moment.

This is where onshore, connected security infrastructure becomes essential, ensuring your data is held locally and in one place. This reduces complexity and provides a more complete view of what is happening across your environment. For teams carrying a significant load, this visibility is critical. It gives them the ability to act quickly, meet compliance expectations and maintain trust without slowing the organisation down. Fortinet recently launched a local Secure Access Service Edge (SASE) point of presence (PoP) in Auckland, in response to growing demand from across New Zealand businesses. 

Technology shapes the threat, but people influence the result

Even with the rapid evolution of AI, most incidents still begin with human behaviour. A convincing email. An urgent request. A misconfiguration made under pressure. Training, culture and processes that support quick reporting remain among the strongest safeguards available. 

New Zealand has an opportunity to improve both productivity and cyber resilience, but only if organisations focus on clarity over complexity. That means simpler systems, tighter processes and safer use of AI in a way that preserves visibility and control.

Efficiency is not about moving faster, but about moving with confidence, with fewer blind spots and a clear understanding of risk. If organisations can achieve that, they will be better placed to take advantage of AI’s potential while building a more resilient digital future for New Zealand.