• Skip to content
  • Skip to navigation
Global site
  • Global site
  • Algeria
  • Botswana
  • Cameroon
  • Egypt
  • Ethiopia
  • Gabon
  • Guinea
  • Kenya
  • Libya
  • Malawi
  • Mauritius
  • Morocco
  • Namibia
  • Nigeria
  • Senegal
  • South Africa
  • Togo
  • Tunisia
  • Uganda
  • Zambia
  • Zimbabwe
  • Anguilla
  • Antigua
  • Argentina
  • Aruba, Bonaire, Curacao and St. Maarten
  • Bahamas
  • Barbados
  • Bolivia
  • Brazil
  • British Virgin Islands
  • Canada LLP
  • Canada RCGT
  • Cayman Islands
  • Chile
  • Colombia
  • Costa Rica
  • Dominica
  • Ecuador
  • El Salvador
  • Grenada
  • Guatemala
  • Honduras
  • Mexico
  • Montserrat
  • Nicaragua
  • Panama
  • Paraguay
  • Peru
  • Puerto Rico
  • St Kitts
  • St Lucia
  • St Vincent and the Grenadines
  • Trinidad & Tobago
  • Turks and Caicos Islands
  • United States
  • Uruguay
  • Venezuela
  • Afghanistan
  • Australia
  • Bangladesh
  • Cambodia
  • China
  • Hong Kong
  • India
  • Indonesia
  • Japan
  • Korea
  • Malaysia
  • Mongolia
  • Myanmar
  • New Zealand
  • Pakistan
  • Philippines
  • Singapore
  • Taiwan
  • Thailand
  • Vietnam
  • Albania
  • Armenia
  • Austria
  • Azerbaijan
  • Belarus
  • Belgium
  • Bosnia and Herzegovina
  • Bulgaria
  • Channel Islands
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Georgia
  • Germany
  • Gibraltar
  • Greece
  • Hungary
  • Iceland
  • Ireland
  • Isle of Man
  • Israel
  • Italy - Bernoni
  • Italy - Ria
  • Kazakhstan
  • Kosovo
  • Kyrgyzstan
  • Latvia
  • Liechtenstein
  • Lithuania
  • Luxembourg
  • Malta
  • Moldova
  • Monaco
  • Netherlands
  • North Macedonia
  • Northern Ireland
  • Norway
  • Poland
  • Portugal
  • Romania
  • Russia
  • Serbia
  • Slovak Republic
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Tajikistan
  • Turkey
  • Ukraine
  • UK
  • Uzbekistan
  • Bahrain
  • Egypt
  • Jordan
  • Kuwait
  • Lebanon
  • Oman
  • Qatar
  • Saudi Arabia
  • United Arab Emirates
  • Yemen
Grant Thorton Logo

Grant Thornton Logo Grant Thornton logo

  • Meet our people
  • Insights
  • Services
  • Industries
  • Careers
  • Locations
  • Business advisory services
  • Financial advisory services
  • Tax
  • Audit
  • Operational advisory
Business advisory services Home
  • NZTE support for businesses impacted by COVID-19
Financial advisory services Home
  • Asia Services Group
  • Business valuations
  • Capital markets
  • Complex and international services
  • Corporate insolvency
  • Debt advisory
  • Expert witness
  • Financial models
  • Forensic and investigation services
  • Independent business review
  • IT forensics
  • Mergers and acquisitions
  • Raising finance
  • Relationship property services
  • Restructuring and turnaround
  • Transaction advisory
Tax Home
  • Corporate tax
  • Employment tax
  • Global mobility services
  • GST
  • International tax
  • Research and Development
  • Tax compliance
  • Transfer pricing
Audit Home
  • Audit methodology
  • Audit technology
  • Financial reporting advisory
Operational advisory Home
  • Business architecture
  • Internal audit
  • IT advisory
  • IT privacy and security
  • PCI DSS
  • Process improvement
  • Procurement/supply chain
  • Project assurance
  • Risk management
  • Robotic process automation (RPA)
  • Energy and resources
  • Financial services
  • Food and beverage
  • Health and aged care
  • Media and entertainment
  • Not for profit
  • Professional services
  • Public sector
  • Real estate and construction
  • Grant Thornton New Zealand
  • Press releases
  • 2016
  • Budget 2016: cyber security move needs follow up

Budget 2016: cyber security move needs follow up

23 May 2016
  • 2016

At the recent Cyber Security Summit in Auckland, new measures including a national Computer Emergency Response Team (CERT) and a credentials scheme for business were announced. Like most new endeavours, the implementation will present a number of challenges and even more opportunities to build on these positive steps.

At the summit, Prime Minister John Key made a pre-Budget announcement confirming a $22 million investment in the CERT. Summit host, Minister for Communications, Amy Adams said the CERT would have an appointed public and private sector advisory board reporting directly to her. To enable a fast-start, the CERT will initially be housed within the Ministry of Business, Innovation & Employment. Minister Adams also confirmed that a cyber-credentials scheme would be up and running by the end of this year.

The CERT will rely on building trust with business to contribute information about their security breaches, with no mandatory reporting, and a business and public sector community capable of understanding and using this information. At the Cyber Security Summit, keynote speaker from Google, Richard Salgado, was among those who noted that while mandatory reporting occurs overseas, it isn’t necessarily more effective. Anyone with a major bank account or user of a service is likely to be made aware of a breach. As Richard says, “it is more important to ask, what are you going to do about it?”

Many SMEs rely on outsourced technology support to secure their systems and data. Of course there are also variances in contracting service providers – when you don’t know what good looks like, it isn’t always easy to know what to look for. The next initiative the Government should pursue through future budgets is to support and fund certification processes that would help inform businesses who the best technology providers are.

In New Zealand, and many other parts of the world, we tend to focus on technology, systems and hardware. But a locked-down security environment is where we tend to see the worst behaviours – people will find ways to work around this; for example, your colleague who emails documents home, or the vendor who provides content on a USB plugged straight into your hardware.

Focusing purely on technology and systems will never be fully effective – organisations must also turn their attention to their people and the processes supporting them. Human error or “wetware” is still the biggest weaknesses in any cyber security defence. Education and understanding supports good systems in place – and growing the understanding and capability of cyber security would be a great Government investment.  The more leadership teams understand and support security, the better and more likely their organisations are to improve their understanding and reaction to the changing threats.  If we achieve this, then the information provided by a CERT would be well used.  

We also can’t rely on our physical isolation as a protective measure. That didn’t work for the flightless bird that used to exist here … and it won’t work for cyber security.  New Zealand has an opportunity to not only catch up with the rest of the world but to actually become better when it comes to cyber security.

Further enquiries, please contact:

Hamish Bowen
Partner, IT Audit and Advisory
Grant Thornton New Zealand
T +64 (0)4 495 1539
E hamish.bowen@nz.gt.com 

  • Follow us on Instagram
  • LinkedIn icon
  • Twitter icon
  • Facebook icon
CONNECTclose
  • Contact us
  • Make an enquiry/submit an RFP
  • Meet our people
  • Careers
  • Alumni
  • Locations
ABOUTclose
  • About Grant Thornton
  • Insights
  • Press
LEGALclose
  • Privacy
  • Disclaimer
  • Sitemap

© 2021 Grant Thornton International Ltd (GTIL) - All rights reserved. "Grant Thornton” refers to the brand under which the Grant Thornton member firms provide assurance, tax and advisory services to their clients and/or refers to one or more member firms, as the context requires. GTIL and the member firms are not a worldwide partnership. GTIL and each member firm is a separate legal entity. Services are delivered by the member firms. GTIL does not provide services to clients. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions.

    • EN