New Zealand’s cyber security maturity highly variable – GCSB

“So, everyone has a part to play,” he said.

“Over the past year we’ve strengthened our engagement with critical infrastructure providers, who are becoming higher profile targets for malicious actors. Consultation with these key organisations is now underway about potential cyber security regulation.”

However, Clark conceded not all organisations which held very sensitive personal information had the right levels of cyber security in place.

“What is a missing piece at the moment, is the right incentives for organisations holding highly sensitive data to have the right levels of cyber security in place to be able hold that really sensitive information,” he said.

Addressing that was part of the action plan for the latest cyber security strategy which raised the issues of privacy.

“Under this element of cyber security strategy we will work with other agencies to put up advice around what we think needs to change,” Clark said.

He added other similar countries had already put such incentives in place as the goal posts

Looking ahead Clark said the rapid pace of technology development was going to present both security challenges and opportunities.

“We are already seeing this with AI, but expect this to also happen in the areas of quantum computing and cryptography,” he said. “Some shifts may be hard to predict and could occur at short notice, meaning that we may have to adapt quickly. So being both proactive and agile will be important.”