Government Cyber Security Showcase Aotearoa

• The cyber threat landscape as explained through the five key judgements.
• Aligning with NZ's National Cyber Security Strategy.
• The uptake of AI in the public service.

New Zealand’s geographic isolation no longer protects against today’s borderless cyber threats. As highlighted in the New Zealand Cyber Security Strategy 2026–2030, resilience requires a whole-of-society approach—but increasingly, attacks target identity, not infrastructure.

This session explores why national cyber resilience must be built from the inside out, with identity as the foundation. Learn how the public sector can strengthen defence through AI-driven automation, continuous compliance, and a more predictive security posture.

Senior leaders discuss how Aotearoa is securing essential infrastructure from evolving threats through stronger regulation, smarter coordination and resilient design.

• How agencies and industry are strengthening infrastructure resilience.
• Emerging regulatory and operational approaches.
• Lessons from recent disruptions at home and abroad

Jonathan Wilkins

Chief Information Security Officer, Ministry for Primary Industries

Salman Ishrar

Information Technology Security Manager, New Zealand Parliament

Amelia East

Former Commercial and PPP Transaction Lead, NZ Transport Agency

We will explore how dynamic risk management and continuous security assurance approaches can form a robust foundation for enhancing an organisation's cybersecurity posture.

This encompasses empowering business owners to make informed, risk-based decisions and ensuring conformance with audit requirements without sacrificing valuable time on repetitive tasks. Additionally, it provides a comprehensive view of enterprise cybersecurity risk management and a means to gauge the organisation's cybersecurity maturity. As a result, investments in cybersecurity can be directly linked to the reduction of business risks.

In a contested digital environment, regulatory architecture shapes defensive capacity. Product security, certification and compliance now operate as a joined system. How that system is calibrated affects national security, economic productivity and infrastructure resilience. This session explores how New Zealand can design assurance frameworks that strengthen accountability while preserving deployment velocity, ensuring regulation accelerates - rather than constrains - national cyber resilience.

This panel explores how New Zealand government agencies are approaching the safe and ethical adoption of artificial intelligence. The discussion will examine how agencies can embed trust, governance, and

responsible use of AI while ensuring systems remain explainable, secure and aligned with public values.

Discussion Points:

• Practical steps for embedding AI governance and accountability across the public sector.
• Ensuring transparency and fairness in government AI systems.
• Building trust through responsible use, clear frameworks, and strong leadership oversight.

Emma MacDonald

Director, Stats NZ

Colin Simpson

Professor, University of Auckland

Russell Craig

Independent Technology Expert and Advisor, DEAG

Brett Williams

Senior Manager, Solutions Engineering, SentinelOne

New Zealand’s cyber threat landscape is escalating in scale and sophistication.

In 2025 alone, the NCSC triaged 331 critical incidents — averaging one nationally significant event per day — with $26.9 million in direct losses and a further $47.9 million narrowly avoided. From state-sponsored actors pre-positioning in critical infrastructure to AI-driven ransomware and politically motivated DDoS campaigns, threats are accelerating. Yet most breaches still stem from preventable gaps — unpatched systems, lack of MFA and basic misconfigurations — exposing a critical gap between perceived and actual readiness.

This session outlines a practical, evidence-based approach to closing that gap and rebuilding trust.

• Understanding the real drivers behind today’s most successful cyber attacks
• Closing the gap between assumed and actual cyber readiness
• Strengthening resilience through vulnerability management, continuous controls assurance and identity-led security
• Turning foundational security investment into measurable risk reduction and public trust

A dynamic discussion exploring automation and AI-driven Innovation and defence. Where does Aotearoa fit in as new technology takes hold.

• What next-generation threats could look like — and how to get ahead of them.

• The role of AI-driven automation, innovation and sovereign capability.

• Inspiring collaboration: positioning Aotearoa as a global thought leader in the digital age.

An in-depth conversation on why citizen trust depends on secure systems, transparent communication and embedding cyber security into every stage of public service delivery.

• Why secure systems are key to public confidence in data and digital services.
• Transparency and communication as part of cyber resilience.
• Evolving towards a “citizen-first” approach to cyber.

Liz MacPherson

Deputy Commissioner, Office of the Privacy Commissioner

Adwin Singh

Cyber Security D/L - CISO Office, Inland Revenue

Derek Robson

Former Chief Information Security Officer, New Zealand Parliament

Sean Connelly

Executive Director, Global Zero Trust Strategy and Policy, Zscaler