Digital transformation is underway in organisations across the public and private sectors and cyber security is crucial to ensure this transformation is sustainable and achievable. Without effective cyber security, organisations will struggle to consistently deliver digital products and services in a way that retains the trust and confidence of their customers or stakeholders.
The NCSC’s analysis of data gathered from 250 New Zealand NSOs has identified four areas of good practice where organisations can focus their efforts for the greatest effect. These areas are:
- Governance – Promoting cyber security at a senior leadership level to protect an organisation’s most important digital assets.
- Investment – Investing in cyber security to minimise risk and maximise returns.
- Readiness – Preparing the organisation to detect, respond, and recover from a cyber security incident.
- Supply Chain – Maintaining oversight and awareness of the cyber security risks in an organisation’s supply chain.
The diversity and size of New Zealand organisations means they are not conducive to a ‘one-size-fits-all’ approach. Often, small organisations have insufficient resources to protect all assets equally or a growing organisation may have a higher risk appetite. However, the focus areas identified in this report overlap and are mutually reinforcing; even small improvements in any of these categories will help raise cyber resilience overall.
To assist organisations to improve their cyber security and resilience, the report outlines practical steps that can be taken in the four areas mentioned and provides links to useful resources.