New Zealand government seeks feedback on Cyber Security Strategy

The New Zealand government is consulting on measures to enhance the cyber security of the country’s critical infrastructure system, following the release of its Cyber Security Strategy last week.

“We are primarily seeking industry feedback, from owners and operators of New Zealand’s critical infrastructure who would be directly affected by potential regulatory reform,” the department stated.

“We also welcome input from individuals, businesses and communities who are directly affected by the security and resilience of our critical infrastructure. Your feedback will inform further analysis and advice to cabinet.”

In a discussion document, Prime Minister and Minister for National Security and Intelligence Christopher Luxon said cyber risks were generally not well understood or collectively managed to a consistent level across New Zealand’s critical infrastructure system.

“These risks are escalating due to changing technology, economic instability, and a more volatile geopolitical environment,” he said.

“The impact of cyber harm is also intensifying, with a rise in reported financial losses and a global increase in cyber attacks that severely disrupt or even halt the operation of critical infrastructure, paralysing the delivery of essential services to businesses and communities.”

Citing estimates from the National Cyber Security Centre (NCSC) for 2025, the government said there were likely over $16 billion in direct losses from online threats a year in New Zealand.

However, New Zealand took a predominantly voluntary approach to cyber security, with tools and guidance provided by the NCSC to help critical infrastructure entities understand and manage their cyber risks, Luxon added.