Cybersecurity, written for Aotearoa
Threat intelligence, compliance guidance, and incident-response field notes from our New Zealand security practice.
The 2026 New Zealand Cyber Threat Landscape: What Aotearoa Businesses Need to Know
A practitioner's view of the threats hitting New Zealand organisations right now — ransomware, business email compromise, supply-chain attacks, and what to do about them.
Privacy Act 2020: A Plain-English Guide to Breach Notification for NZ Businesses
Notifiable privacy breaches, the 72-hour expectation, what to tell the Privacy Commissioner and affected individuals, and how to prepare before something goes wrong.
Mapping NZISM Controls to Modern SaaS: A Pragmatic Guide
How to apply New Zealand Information Security Manual controls when most of your stack is Microsoft 365, Google Workspace, AWS, and a long tail of SaaS — without drowning in paperwork.
A Ransomware Playbook for New Zealand SMBs (That Actually Fits on One Page)
What to do in the first hour, the first day, and the first week of a ransomware incident — written for owner-operated NZ businesses without a dedicated security team.
Why New Zealand Should Move Past SMS and Push MFA in 2026
Adversary-in-the-middle phishing kits are defeating traditional MFA at scale. Here's why phishing-resistant MFA — passkeys and FIDO2 — is now the baseline for NZ organisations.