OPINION
Stakeholders now view ineffective response to a cyber incident as evidence of governance and management failure.
New Zealand entered 2026 with news of two major cyber data breaches, less than a month after the National Cyber Security Centre (NCSC) warned 26,000 people their computers were infected with information stealer malware.
Internationally, companies such as Marks & Spencer, Qantas, Jaguar Land Rover and Asahi were hit by cyber incidents in 2025, disrupting operations and supply chains, exposing sensitive data, and attracting the attention of regulators, customers and shareholders.
With the NCSC reporting 331 incidents of potential national significance in New Zealand during the 2024/25 financial year, and Kordia’s 2025 research showing that half of all companies experienced a cyber incident, directors can no longer leave cyber risk to chance or wait for an incident to find out whether security controls are effective or whether executives are ready to respond.
Stakeholders increasingly view an ineffective response to a cyber incident as evidence of governance and management failure.
Cybersecurity starts with effective governance, yet only 52% of boards receive regular cyber risk reporting, according to the Institute of Directors’ 2025 Director Sentiment Survey.
Early 2026 is the right time to:
If you are one of the 48% of directors who lack confidence in your organisation’s ability to respond effectively to a cyber incident, consider seeking an independent review of your security posture.