Does Aotearoa need a minister of cyber security?

A decade ago, cyber security was barely an afterthought for the masses. Unless you were entrenched in the IT sector, most people probably didn’t consider themselves, or the businesses they worked for, as any sort of target for hackers. Today, cyberattacks are headline news. Online safety is now something we all think about and it’s a top priority for boards and governments.

All experts agree things are only going to get worse over the next 10 years. Cybercriminals are getting smarter and cyberattacks are becoming more frequent. With cybercriminals unconstrained by geographical borders, all nations need to be more prepared. So what more can we do?

Australia recently answered this question by including a dedicated Minister for Cyber Security, Clare O’Neil, within its cabinet. It is the first country within the G20 to do this.

This is Australia’s latest step to get in front of the cybercriminals. Over the past few years, it has spent time and resources updating its cyber security strategy and recently dedicated A$9.9 billion to the sector. Both government and private industry are also making a cohesive effort to uplift the cyber security of Australia’s critical infrastructure.

Already, the new ministry has had an impact with the recent high-profile Optus cyber breach, which has seen O’Neil put public pressure on the telecommunications company to do more to protect the data of Australian consumers.

Shortly after the Optus breach came an attack closer to home. The Pinnacle Health cyberattack affected about 450,000 New Zealanders. The Australian government’s response to the breach will be putting pressure on Kiwi officials to respond appropriately as well.

With the cyber threat growing each day, it is only a matter of time before the rest of the world follows Australia’s lead and turns cyber security into its own dedicated portfolio.

Cyber security is certainly a point of emphasis for our government and in the past decade it has made great strides. We already have organisations such as CERT supporting New Zealand businesses and individuals to become more cyber resilient. The Ministry of Justice and the Ministry of Education also support Netsafe, an organisation helping Kiwis stay safe online. Cyber security is also an important part of the digital economy and national security portfolios.

In the 2022 Budget, $30 million was put towards cyber resilience which is great, but a fraction of what our Australian counterparts have dedicated. Our government has also announced the Cyber Resilience Measurement Framework, which has been created to quantify Aotearoa’s cyber resilience. The framework is currently a prototype, set to be rolled out over the next four years.

Despite all this, it is clear many New Zealanders don’t take cyber threats seriously. Many of us reuse the same passwords and find two-factor authorisation a frustrating inconvenience, rather than a reassuring step to the login process.

New Zealand has often followed Australia’s lead when it comes to implementing cyber legislation – taking a close look at what is unfolding across the ditch may give us some indication on what we could effectively implement.

Australia’s approach has seen it take cyber security right to the very top. Instating a dedicated portfolio with a minister who can spend their time and energy tackling cyber security issues will no doubt make a significant difference to Australia’s overall attitude. After all, the top-down approach is what has proven successful in business. The companies with a cyber expert at the board level are the organisations most prepared for cyberattacks.

But this isn’t just a business issue; cyber security is something that impacts all of us. Whether you’re an individual, a business owner, critical infrastructure provider or a government organisation, no one is immune to experiencing a cyber breach. In 2020, the Reserve Bank estimated the cost of cybercrime in New Zealand to be $80 million-$140 million per year.

To hackers we are just numbers on a screen and many of the attacks are completely automated with millions going out every day. Cybercriminals are looking for the easiest targets to hack, they don’t care about the geographic location. The new Australian ministry emphasises that nations must step up at every level, or risk being overwhelmed.

What if New Zealand followed Australia’s lead and created our own ministry for cyber security? Making cyber security a government priority will not stop cyberattacks occurring – with a number of incidents and breaches generated from international actors it’s difficult to tackle the problem at its root. Instead, what it would do is increase our resilience against cyberattacks so we can defend ourselves, and bounce back, quicker.

One thing is clear. The dedicated focus Australia is putting on cyber security will ensure this remains a government priority for years to come and thus mitigates the risk of being underprepared when the next large-scale cyberattack occurs.