
Key Takeaways: Government Cyber Security Showcase Aotearoa 2026

From NCSC's resilience playbook to NZQA's "AI is not just another IT tool," the Showcase traced one arc: agencies must move to proven resilience, identity-led zero trust, and "when"-not-"if" incident readiness — all at machine speed.

Monica Mina · 16 June 2026 · 15 min read

Panel Discussion at the Government Cyber Security Showcase Aotearoa 2026

Chair’s Opening

Dan Richardson, Chief Operating Officer NZ, CyberCX New Zealand

Cybersecurity is no longer a function — it's a property of public service delivery. It now runs through how services are designed, governed, procured and held to account, meaning every operating decision a chief executive makes carries a cyber dimension whether it's named that way or not.

Public trust is the new measure of cyber maturity. Communities experience an agency's cyber posture through the digital services they rely on — and notice its absence the moment something goes wrong — so resilience needs to be designed into the service experience, not bolted onto the perimeter.

The 2026 operating environment demands a whole-of-organisation posture. Escalating breaches, the AI "Mythos moment," and an expanding regulatory landscape mean cyber accountability now stretches from the board to the SOC, and from policy through to operations — protecting people, data and services in equal measure.


Keynote: Building a Resilient Cyber Nation

Emma Bickerstaffle, Director Cyber Defence Operations, NCSC

Five enduring threat judgments now shape every agency's risk picture. Across 6,000 incidents reported to the NCSC in FY24–25, the same five patterns keep recurring: state-sponsored actors (with the PRC the most pressing threat), commercialised and AI-supercharged cybercrime, hacktivism tied to NZ's geopolitical positions, supply-chain compromise, and unpatched/weak-identity fundamentals — meaning leaders should map their controls against all five, not just the one that made last week's headline.

Cybersecurity has shifted from "be prepared" to "be agile" — and the basics still carry the load. With ransomware-as-a-service, AI-driven attacks compressing time-to-compromise to under an hour, and a move from encryption to public data-leak extortion, resilience now depends on adapting faster than adversaries. Yet the NCSC's case data shows the highest-leverage defences remain the fundamentals: strong MFA, credential hygiene, patching, and configuration discipline applied consistently across the whole environment.

The 2026–2030 NZ Cybersecurity Strategy and frontier-AI guidance give agencies a clear next-step roadmap. A new incident-reporting portal (early 2027), more consistent cross-government minimum standards, expanded malware-free network and vulnerability insights services, and Five-Eyes-coauthored guidance on agentic and frontier AI (e.g. Mythos) mean public-sector leaders should: report incidents to NCSC, align procurement and AI adoption with the responsible-use framework, and treat the action plan to 2027 as the baseline against which to benchmark their own programs.


Presentation: Identity as the Cornerstone of National Cyber Resilience

Frank Briguglio, Global Government CTO, SailPoint

The identity question has shifted from "who can act" to "what can act." With APIs, machine identities, and AI agents — some of which spawn other agents and cross network or jurisdictional boundaries — the workforce-user model no longer covers the risk surface. Agencies need to treat identity as a governance and operational problem, not a technical inventory, and extend the same lifecycle, ownership, and accountability standards they apply to staff to every non-human actor in the environment.

Blast radius — not entry point — is the real measure of identity risk. A user or agent may look low-risk in one system and highly privileged in another once trust crosses agency, cloud, or partner boundaries. Resilience comes from understanding effective access (right-sized, time-bound, monitored, with clear ownership), shortening standing privilege, and feeding identity context into the SOC so alerts can be assessed against what the actor can actually affect, not just where they logged in.
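The blast-radius point above is easy to state and hard to operationalise, because effective access only appears once grants, role permissions and cross-system trust links are walked together. The following Python is an added illustration, not code from the presentation or from any SailPoint product; the systems, roles, identities and grants are a constructed inventory, and the finding codes are hypothetical. It computes what each actor can actually change (not merely where it can log in), then produces the review findings the talk calls for: lapsed grants still in place, standing privilege with no expiry, non-human identities with no accountable owner, and privileged reach that crosses a system boundary.

```python
"""Effective access and blast radius over a small identity graph (added example)."""
from collections import deque
from datetime import datetime, timezone

# Constructed inventory; system, role, resource and identity names are hypothetical.
# Grant = (identity, system, role, expiry ISO-8601 or None for a standing grant).
GRANTS = [
    ("alice", "hr", "viewer", None),
    ("alice", "payroll", "admin", "2026-01-31T00:00:00+00:00"),  # lapsed but never removed
    ("svc-sync", "hr", "exporter", None),
    ("agent-remediate", "cloud", "operator", None),
    ("agent-child-7", "cloud", "operator", None),               # spawned by agent-remediate
]
# What a role can do: (system, role) -> {(resource, action)}
ROLE_PERMS = {
    ("hr", "viewer"): {("hr:staff_records", "read")},
    ("hr", "exporter"): {("hr:staff_records", "read"), ("hr:exports", "write")},
    ("payroll", "admin"): {("payroll:bank_accounts", "write"), ("payroll:runs", "write")},
    ("payroll", "processor"): {("payroll:runs", "write")},
    ("cloud", "operator"): {("cloud:prod-db", "read"), ("cloud:prod-db", "delete")},
}
# Cross-boundary trust: holding (system, role) lets the actor assume these roles elsewhere.
TRUSTS = {("hr", "exporter"): [("payroll", "processor")]}
OWNERS = {"alice": "alice", "svc-sync": "hr-platform-team",
          "agent-remediate": "cloud-ops", "agent-child-7": None}
PRIVILEGED = {"write", "delete", "admin"}
NOW = datetime(2026, 6, 16, tzinfo=timezone.utc)


def _live(expires, now):
    return expires is None or datetime.fromisoformat(expires) > now


def effective_access(identity, now=NOW):
    """Walk live grants and trust links; return {(resource, action): path that reaches it}."""
    queue = deque()
    for who, system, role, expires in GRANTS:
        if who == identity and _live(expires, now):
            queue.append(((system, role), f"{system}/{role}"))
    reach, seen = {}, set()
    while queue:
        key, path = queue.popleft()
        if key in seen:
            continue
        seen.add(key)
        for perm in ROLE_PERMS.get(key, ()):
            reach.setdefault(perm, path)
        for nxt in TRUSTS.get(key, ()):
            queue.append((nxt, f"{path} -> {nxt[0]}/{nxt[1]}"))
    return reach


def blast_radius(identity, now=NOW):
    """Resources the actor can change or destroy, not merely read."""
    return {perm for perm in effective_access(identity, now) if perm[1] in PRIVILEGED}


def review_findings(now=NOW):
    """Findings an IAM review or SOC enrichment would act on (codes are hypothetical)."""
    findings = []
    for who, system, role, expires in GRANTS:
        perms = ROLE_PERMS.get((system, role), set())
        if not _live(expires, now):
            findings.append((who, "STALE_GRANT", f"{system}/{role} expired {expires}"))
        elif expires is None and any(a in PRIVILEGED for _, a in perms):
            findings.append((who, "STANDING_PRIVILEGE", f"{system}/{role} has no expiry"))
    for who, owner in OWNERS.items():
        if owner is None:
            findings.append((who, "NO_OWNER", "non-human identity with no accountable owner"))
        for perm, path in effective_access(who, now).items():
            if "->" in path and perm[1] in PRIVILEGED:
                findings.append((who, "CROSS_BOUNDARY", f"{perm[0]}:{perm[1]} via {path}"))
    return findings


if __name__ == "__main__":
    for who in OWNERS:
        print(who, sorted(blast_radius(who)))
    for finding in review_findings():
        print(finding)
```

Note what the walk surfaces that a per-system inventory would not: svc-sync looks like a read-mostly HR export account, but the HR-to-payroll trust link gives it write access to payroll runs, so its blast radius and its SOC alert priority belong with payroll, not HR.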

Use the ISM and NIST CSF 2.0 as a Five-Eyes-aligned blueprint for continuous assurance — and govern the AI you adopt as carefully as the AI attacking you. "You can't protect what you can't see, and you can't govern what you can't tie to ownership." Build the baseline (govern), automate the controls, monitor continuously, and generate audit evidence as a continuous output rather than a once-a-year exercise. The same discipline applies to AI tooling itself: speed does not replace accountability, and unsupervised automation has already caused real-world incidents (e.g. AI agents deleting databases instead of remediating them).


Fireside Chat: Critical Infrastructure in Focus and Preparing for Tomorrow's Threats

Derek Robson, Former Chief Information Security Officer, New Zealand Parliament;

Amelia East, Major Project Director (Government), HSE Consulting

Cybersecurity has to be a core design requirement on critical infrastructure projects — not a line item on the risk register. Both panellists agreed that an item parked on a risk register is effectively an unmanaged risk. Mega-projects with 10-year build horizons currently treat cyber as a late-stage compliance check (if at all), which is why incidents land as "defects" near go-live. The fix is shift-left: embedding cyber alongside engineering, legal, and finance from project kickoff, with controls written into requirements (NZISM, NIST CSF 2.0) the same way safety and procurement standards already are.

Supply-chain resilience requires inherited standards down the full stack — and a serious conversation about sovereignty. New Zealand's services rely on 3–6 hidden layers of suppliers (call centre → telco → switch vendor → spare-parts depot in another country), where contractual coverage typically stops at layer one. Agencies need cyber and resilience expectations that cascade through every tier, plus contingency for alternates. With most software, cloud, hardware, and AI sourced offshore, the panel sees a 5–10 year shift toward onshoring critical components as geopolitical risk rises — a reset for procurement, regulation, and capital planning.

The biggest blockers are language, incentives, and recognition — not technology. Cyber specialists struggle to translate their work into the business context project boards, ministers, and chief executives use to make trade-offs. Agencies need "cyber whisperers" who frame controls as project enablers, leadership willing to back non-tangible prevention work (which, like NCSC's $47.9M of prevented loss, rarely earns the same praise as crisis response), and delegated authority pushed down to the people closest to the decision. Prevention has to be rewarded as visibly as the heroics that follow a breach, or the same risks will keep slipping through the same gaps.


Keynote: Strengthening Cyber Resilience with Adaptive Risk & Assurance

Hassham Idris, Manager Cyber Risk and Assurance, Ministry of Justice

The point of risk and assurance isn't the artefacts — it's giving business owners what they need to make risk-informed decisions. Large public-sector organisations have drifted into compliance theatre: heavy point-in-time C&A exercises that go out of date the day they're signed, no triage to match assurance effort to system value, and risk data buried across manual documents. The real value of GRC sits at the intersection of the security artefacts and the business owner's view of their own accountabilities — leaders should ask whether their current process is generating that intersection, or just generating paperwork.

A governance + lifecycle + technology stack can cut assurance effort by ~27% and surface a near-real-time risk picture. MoJ's three-to-four-year transformation combined a true governance committee (kept on COBIT's evaluate/direct/monitor rails, not dragged into ops), a continuous PDCA security lifecycle program with annual funding, redesigned core processes (triage, remediation, enterprise control testing), and a purpose-built GRC platform integrated with EA, CMDB, and Azure DevOps. Enterprise-wide control testing at the platform/service layer (e.g. M365 → Defender → Defender for Endpoint) lets application-level audits assess only the delta, removing duplicated control work across hundreds of systems.

Process and people come before the technology — and outcomes come before the mechanics. Hassham's five hard-won lessons: start with a clear vision of "what good looks like" for your maturity; learn from peer agencies before repeating their mistakes; challenge the status quo but be patient with BAU resistance; fix the process before automating (automating a bad process just multiplies the problem); and choose tooling that integrates, adapts to multiple frameworks (ISO, NCSC, NZISM), and is easy enough that stakeholders actually engage with their own dashboards. Public-sector GRC leaders looking to modernise should sequence their roadmap in that order, not start with a tool selection.


Industry Insights: Regulating in a Security Race: Calibrating Cyber Architecture for National Resilience

Nicole Henry, Head of Government Affairs Australia and New Zealand, Fortinet

  • Threats now move at machine pace while institutions move at human pace — and that gap is where exposure turns into impact. Cybercrime is already costing New Zealand around $1.6B a year, and Fortinet's 2026 threat landscape telemetry shows 640B reconnaissance events, 122B exploitation attempts, 4.62B stealer logs traded on darknet markets, and confirmed ransomware victims up 389% year-on-year. Attackers are increasingly logging in rather than breaking in — using valid credentials, AI-personalised phishing, and APIs as the execution layer. The defensive task has shifted from blocking obvious malice to governing when misuse looks like legitimate system behaviour, and from perfect prevention to "response-ready by design": assume compromise, build for detect-contain-decide-recover speed, and clarify authority so technical capability can actually be activated under pressure.
  • Regulation has become part of the security fabric — its design will either accelerate resilience or quietly erode it. Cyber obligations now land on top of Privacy Act, Corporations Act, sector-specific rules, procurement, and incident-reporting requirements. Each is rational on its own, but stacked together they pull scarce capability into duplicated assurance rather than risk reduction — itself a resilience risk. The strongest frameworks sync up, not stack up: aligning product security, certification, compliance, and procurement; rewarding visibility, upgradability, and risk-based prioritisation; and building in adaptability for emerging threats. Quantum is the live example — Google has pulled its post-quantum cryptography migration forward to 2029, meaning quantum-readiness questions (vendor support, evidence refresh, lifecycle planning) belong on procurement and assurance roadmaps now, not at "Q-Day."
  • AI is moving into the security operating model — and the workforce gap is becoming a governance gap. Fortinet's 2026 skills report shows 91% using or experimenting with AI-powered security tools, only 41% would trust AI to operate with limited human oversight, and 63% expect more AI oversight and governance roles. The implication for public-sector leaders: humans set intent, risk appetite, thresholds, and accountability — automation then executes at speeds humans can't match, but only where control visibility and governance are mature enough to make that supervision credible. Simplify fragmented control environments so teams and workflows move together, design risk out earlier through product security, procurement, and architecture, and invest in confidence, judgment, and governance capability alongside technical skill.
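"Logging in rather than breaking in" changes what a detection has to look for: the event of interest is a successful authentication, and the signal is the context around it. The Python below is an added example, not Fortinet's telemetry or any vendor's detection content; the authentication events are constructed JSON lines with an assumed field layout (real IdP logs will differ), and the three rules are illustrative thresholds. It flags a password burst that ends in a non-MFA success, two successes from different countries inside a travel window, and an API key used from a country it has never been seen in.

```python
"""Valid-credential misuse detection over authentication events (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (JSON lines); field names are assumed, not an IdP's real schema.
SAMPLE_LOG = """\
{"ts":"2026-06-16T08:00:00+12:00","user":"carol","result":"success","ip":"203.0.113.10","country":"NZ","auth":"password+mfa"}
{"ts":"2026-06-16T08:05:00+12:00","user":"svc-reports","result":"success","ip":"198.51.100.5","country":"NZ","auth":"api_key"}
{"ts":"2026-06-16T08:10:00+12:00","user":"bob","result":"failure","ip":"192.0.2.77","country":"DE","auth":"password"}
{"ts":"2026-06-16T08:10:20+12:00","user":"bob","result":"failure","ip":"192.0.2.77","country":"DE","auth":"password"}
{"ts":"2026-06-16T08:10:40+12:00","user":"bob","result":"failure","ip":"192.0.2.77","country":"DE","auth":"password"}
{"ts":"2026-06-16T08:11:00+12:00","user":"bob","result":"failure","ip":"192.0.2.77","country":"DE","auth":"password"}
{"ts":"2026-06-16T08:11:20+12:00","user":"bob","result":"failure","ip":"192.0.2.77","country":"DE","auth":"password"}
{"ts":"2026-06-16T08:13:00+12:00","user":"bob","result":"success","ip":"192.0.2.77","country":"DE","auth":"password"}
{"ts":"2026-06-16T08:40:00+12:00","user":"carol","result":"success","ip":"198.51.100.200","country":"US","auth":"password+mfa"}
{"ts":"2026-06-16T09:05:00+12:00","user":"dave","result":"success","ip":"203.0.113.11","country":"NZ","auth":"password+mfa"}
{"ts":"2026-06-16T09:30:00+12:00","user":"svc-reports","result":"success","ip":"203.0.113.250","country":"BR","auth":"api_key"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a timezone-aware datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if line.strip():
            event = json.loads(line)
            event["ts"] = datetime.fromisoformat(event["ts"])
            events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, travel_window=timedelta(minutes=60),
           burst_threshold=5, burst_window=timedelta(minutes=15)):
    """Return alerts for successful logins that look like attacker use of valid credentials."""
    alerts = []
    last_success = {}                  # user -> (ts, country) of the previous success
    failures = defaultdict(list)       # user -> timestamps of recent failures
    seen_countries = defaultdict(set)  # user -> countries seen on earlier successes
    for e in events:
        user, ts = e["user"], e["ts"]
        if e["result"] != "success":
            failures[user] = [t for t in failures[user] if ts - t <= burst_window] + [ts]
            continue
        # Rule 1: a burst of failures ending in a success without MFA (spray/stuffing that worked).
        if len(failures[user]) >= burst_threshold and "mfa" not in e["auth"]:
            alerts.append({"rule": "burst_then_success_no_mfa", "user": user, "ip": e["ip"]})
        failures[user].clear()
        # Rule 2: two successes from different countries inside the travel window.
        prev = last_success.get(user)
        if prev and prev[1] != e["country"] and ts - prev[0] <= travel_window:
            minutes = int((ts - prev[0]).total_seconds() // 60)
            alerts.append({"rule": "impossible_travel", "user": user,
                           "detail": f"{prev[1]} -> {e['country']} in {minutes} min"})
        # Rule 3: a long-lived API key used from a country it has never been seen in.
        if e["auth"] == "api_key" and seen_countries[user] and e["country"] not in seen_countries[user]:
            alerts.append({"rule": "api_key_new_country", "user": user, "country": e["country"]})
        seen_countries[user].add(e["country"])
        last_success[user] = (ts, e["country"])
    return alerts


ALERTS = detect(parse_events(SAMPLE_LOG))

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert)
```

Each rule fires on a success, which is the point: none of these three events would be caught by a control that only watches for failed logins or malware. In production the baselines (known countries, devices, key usage) should be built from history rather than from the same batch being scored, and the thresholds tuned per population.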

Panel: Smart, Fair, and Accountable: Getting AI Right in Government

Emma MacDonald, Director, Stats NZ; Colin Simpson, Professor, University of Auckland; Russell Craig, Independent Technology Expert and Advisor, Data Ethics Advisory Group (DEAG); Brett Williams, Senior Manager Solutions Engineering, SentinelOne

  • Start with the problem, not the AI. The panel pushed back hard on the layered hype cycle — tech hype now amplified by executive FOMO — that is driving agencies to adopt AI before asking what outcome they're actually solving for. Whether the context is health, statistics, or frontline service delivery, the discipline is the same: define the problem first, confirm AI is the right tool, weigh the ethics in that specific context, and design for sensitivity, specificity, and real effectiveness so humans aren't spending more time cleaning up AI errors than the tool saves.
  • Trust comes from meaningful transparency, generalised data sovereignty, and agencies acting as stewards of data rather than owners. Transparency isn't a 50-page privacy statement; it's meeting communities where they are with honest conversations about what their data is being used for, including whether it's feeding AI training. Māori data sovereignty principles — start with the human, understand the context and whakapapa of the data, distinguish tapu from noa data — generalise into a broader individual-sovereignty model that strengthens social licence across every community an agency serves. The ownership debate is largely a distraction: agencies are custodians of public data, and the productive frame is rights, roles, and responsibilities tied to ethics.
  • Good governance is what lets you move fast safely — and the security basics still apply to AI. "Cars started going faster when Bertha Benz came up with brakes." Stand up governance, guardrails, and use-case guidance (Colin pointed to NICE-style playbooks as a model) before scaling AI; avoid concentration risk by not putting all workloads behind a single provider; and treat AI as a continuation of cyber fundamentals — CIA (confidentiality, integrity, availability), patch and privilege management, and supply-chain controls — extended to agentic systems. Recent Five-Eyes guidance on agentic AI and regulator letters to financial boards (e.g. APRA in Australia) give agencies practical expectations to align with now.



Industry Insights: From Data Breach to Data Trust: Securing Aotearoa's Information Assets

Chris Miller, Head of Cybersecurity Operations, Datacom; Shain Singh, Principal Security Architect APCJ, F5

  • The attack playbook hasn't changed since 2011 — only its speed has — and "green dashboards don't equal resilience." The MetService DDoS during the 2011 snowstorm broke public trust the same way modern incidents do, and the NCSC's latest data shows the same techniques (and the same defences) at play today. Yet most agencies still operate on compliance posture: annual pen tests, SLA-driven patching, and audits that don't cover what went into production last Thursday. Real breaches keep landing through the basics — unpatched vulnerabilities, credential compromise, misconfiguration — alongside four widening blind spots: hacktivism, supply chain, operational technology exposure, and AI agents (privileged-by-default and insecure-by-default).
  • Evolve to a proven security posture using three integrated, incrementally adoptable pillars. (1) Vulnerability Ops — DevOps-style continuous scanning, risk-based prioritisation, automated remediation pipelines, and SBOMs that surface the libraries actually entering the environment; the maturity target is "assume vulnerable" by default, with segmentation to contain blast radius. (2) Breach & Attack Simulation (BAS) — continuous, behaviour-based validation so readiness is evidenced, not assumed (the firefighter-drill analogy). (3) Foundations — identity first (NCSC's judgment #5: credential compromise is still the top initial access vector, and identity is a governance problem, not a tool problem — "don't automate poor decisions with expensive tools"), then web app + API security (90% of deployed apps expose APIs), then AI application security: LLM prompt injection, agent output validation, and protection of RAG pipelines.
  • AI security challenges aren't new problems — they're old "don't trust the user" input-manipulation problems in new clothes — and organisational silos make them harder to solve. Shain (OWASP ML Top 10 project lead) reminded the room that adversarial ML attacks (stop signs that read as "go," adversarial clothing that defeats CCTV) predate LLMs by years; what's changed is that AI is now mainstream. The new exposures most agencies aren't talking about: RAG pipelines silently aggregating organisational IP into vectorised databases, agent integration points fanning out across data stores and downstream systems, and the structural reality that developers, DevOps, network, and security teams rarely speak the same language or move on the same timeline. The five-point action list: stop assuming and start proving, fix the fundamentals (MFA everywhere, patch the long tail), know your blind spots, get identity right, and share what you learn so the sector improves together.
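Two points in this Showcase converge on the same control: the SailPoint warning about an unsupervised agent deleting a database instead of remediating it, and the "agent output validation" item in the foundations pillar above. The Python below is an added example, not code from either presentation; the agent role, action names, ticket scope and agent outputs are all constructed. It treats the model's output the way the speakers describe, as untrusted input: the output must parse as a structured plan, every step must be allow-listed for the agent's role and confined to the task's scope, and destructive actions are held for a human rather than executed, even when the agent was "told" to run them by something it read.

```python
"""Gate on agent-proposed actions before execution (added example)."""
import json

# Hypothetical policy: what each agent role may request, and what is never auto-executed.
ALLOWED_ACTIONS = {
    "remediator": {"host.patch", "host.restart_service", "db.snapshot", "db.delete"},
}
DESTRUCTIVE = {"db.delete", "host.reimage"}
STEP_FIELDS = {"action", "target", "args"}


class ActionRejected(Exception):
    """The agent's output failed validation; nothing from it is executed."""


def validate_plan(raw_output, agent_role, task_scope):
    """Accept only a JSON plan whose steps are allow-listed for the role and confined to the
    task scope; destructive steps come back marked needs_human_approval and are never run
    automatically. Any free text, extra fields or out-of-scope target rejects the whole plan."""
    try:
        plan = json.loads(raw_output)
    except json.JSONDecodeError:
        raise ActionRejected("output is not a JSON plan") from None
    steps = plan.get("steps") if isinstance(plan, dict) else None
    if not isinstance(steps, list) or not steps:
        raise ActionRejected("plan has no steps list")
    approved = []
    for i, step in enumerate(steps):
        if not isinstance(step, dict) or set(step) != STEP_FIELDS:
            raise ActionRejected(f"step {i}: unexpected shape")
        if step["action"] not in ALLOWED_ACTIONS.get(agent_role, set()):
            raise ActionRejected(f"step {i}: {step['action']} not allowed for {agent_role}")
        if step["target"] not in task_scope:
            raise ActionRejected(f"step {i}: target {step['target']} outside task scope")
        args = step["args"]
        if not isinstance(args, dict) or any(not isinstance(v, (str, int, bool)) for v in args.values()):
            raise ActionRejected(f"step {i}: args must be a flat dict of scalars")
        approved.append({**step, "needs_human_approval": step["action"] in DESTRUCTIVE})
    return approved


def execute(plan, human_approved=frozenset()):
    """Dispatch decision per step: 'run' or 'held'. Actual execution is out of scope here."""
    return [(i, "run" if not s["needs_human_approval"] or i in human_approved else "held")
            for i, s in enumerate(plan)]


# Constructed agent outputs for a ticket scoped to db-prod-01 and web-03.
SCOPE = {"db-prod-01", "web-03"}
GOOD = ('{"steps":[{"action":"db.snapshot","target":"db-prod-01","args":{}},'
        '{"action":"host.patch","target":"web-03","args":{"kb":"2026-06"}}]}')
# What the agent produced after reading a document carrying injected instructions.
INJECTED = '{"steps":[{"action":"db.delete","target":"db-prod-01","args":{"confirm":true}}]}'
OUT_OF_SCOPE = '{"steps":[{"action":"db.snapshot","target":"db-prod-02","args":{}}]}'
FREE_TEXT = "Sure! I have removed the database as requested."

if __name__ == "__main__":
    print(execute(validate_plan(GOOD, "remediator", SCOPE)))
    print(execute(validate_plan(INJECTED, "remediator", SCOPE)))
    for bad in (OUT_OF_SCOPE, FREE_TEXT):
        try:
            validate_plan(bad, "remediator", SCOPE)
        except ActionRejected as err:
            print("rejected:", err)
```

The gate does not try to detect prompt injection in the text the agent read, which is unreliable; it bounds what a successful injection can achieve. The injected `db.delete` is not rejected (the role may legitimately request it) but it cannot run without a named human approving that step, which is the brake the speakers are asking for.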



Keynote: The Next Wave of Threats, Tech and Trust with the NZQA

Prashant Bakshi, Deputy Chief Executive Strategic and Corporate Services, New Zealand Qualifications Authority (NZQA)

  • AI is not "just another IT tool" — and treating it that way is the single biggest leadership mistake in the public sector right now. NZQA's six years of pre-Gen-AI machine-learning work convinced Prashant that the gap between traditional IT and AI is the gap between Newtonian gravity and general relativity — and the gap between AI and Gen AI is general relativity to quantum mechanics. The "we managed cloud, we can manage this" reflex produces the wrong architecture, the wrong vendor choices, and the wrong governance. Leaders, architects, and security teams need to use these tools hands-on, not just attend conferences about them — "you can't govern what you've never touched."
  • The vendor and IP environment is genuinely reckless — open the tap slowly. NZQA has seen vendors pitch with two-week-Python-course "data scientists," and one example where a partner had downloaded DeepSeek to a local server as if that constituted a control — Prashant's framing: "you can bring a nuclear missile home, but don't pretend it's a glow worm." The agency has already walked away from draft contracts that signed away IP rights to international vendors. As it phases its AI-marked-exam proofs of concept (a strong Ministerial priority under Minister Stanford), the disciplines that matter most: understand exactly which model is being used, govern outsource partners actively, retain IP in contract terms, and let evidence — not enthusiasm — set the pace.
  • Shadow AI, unstructured data, and Māori data sovereignty are the three foundations that will make or break Gen-AI adoption — and the window to set them up is now. (1) Shadow AI is worse than shadow IT, because blanket "no AI" policies just push staff onto personal devices; agencies need to pave a fast-but-governed internal path before people route around them. (2) Most agencies apply bronze/silver/gold curation to structured data but leave 70%+ of their unstructured assets (PDFs, images, AutoCAD files, draft SharePoint reports) uncurated — meaning Copilot will confidently surface a draft-of-a-draft straight into a ministerial briefing. Extend the same lakehouse discipline to unstructured data, and segment access by user persona (data scientists, analysts, leaders, general staff). (3) Unlike previous tech waves, agencies have the chance to embed Māori data sovereignty from day one — use the GDD-sponsored self-assessment tool and stand up Māori and Pacific advisory groups before scaling. "Winter is not coming — winter is here."



Closing Panel: Cyber Security as the Backbone of Trust – Protecting Public Data

Adwin Singh, Cyber Security D/L – CISO Office, Inland Revenue; Derek Robson, Former Chief Information Security Officer, New Zealand Parliament; Sean Connelly, Executive Director, Global Zero Trust Strategy and Policy, Zscaler (formerly CISA, US Department of Homeland Security); Michael Webster, Privacy Commissioner

  • The 2026 Privacy Survey shows the public wants control, not silence — and the Privacy Act is a "how-to," not a "don't-do." Newly released stats from the Office of the Privacy Commissioner: 82% of New Zealanders want more control over how their personal information is collected and used, two-thirds say protecting their personal information is a major concern, and two-thirds are concerned about agencies and businesses using AI to make decisions about people. The Commissioner's reframe for agencies weighing up data sharing: the Privacy Act actively enables it through mechanisms like Approved Information Sharing Agreements (AISAs), and the tragic Malachi Subecz case is the live example of what happens when agencies retreat into "we can't share" instead of asking "how do we share safely." Section 24 overrides should be the exception, not the default — talk to OPC first.
  • Trust depends on user-centred design, honest incident response, and proportionate defences. Sean's CISA / Technology Modernization Fund experience showed that mission outcomes always followed user-experience-led modernisation, with security working frictionlessly in the background. When incidents do hit (and the panel agreed the industry now treats it as "when, not if"), good response is frequent honest updates rather than over-promised timelines — the panel cited a chief executive's public "fixed by the weekend" claim that every technical observer instantly knew was unrealistic. Plan, people, procedures: stress-test incident response with tabletop exercises that include legal counsel and partner exposure (environments are increasingly used as pivots into someone else's), and brief affected communities early enough that they can take protective action themselves. Calibrate defences proportionately — a GP-clinic health breach demands very different controls to a retail purchase-history breach.
  • Identity is the centre of gravity — and "serving all of New Zealand" must drive the technology, not the other way around. Zero trust now operates as continuous, evidence-based session decisions rather than castle-and-moat allow/deny, and privacy-enhancing technologies (zero-knowledge proofs, selective disclosure) are the next horizon — visible already in the under-16 social media debate. New Zealand's digital identity journey through RealMe and the GCDO/GDD identity framework needs to start from a single consistent user experience across agencies, not from protocol choice (OAuth vs SAML). Critically, "the user" must include people without smartphones, without reading or hearing, without home internet, and communities with lower digital access — paper forms and counter services need to be designed in alongside apps. As Sean noted, frontier models like Mythos surfaced ~110 vulnerabilities in Mozilla's mature open-source codebase in a single pass (against a typical ~10/year), so agencies need to plan for both the defensive upside and the industrialised-attack downside. As the Commissioner closed: define your role as protecting public trust and confidence — not as "an IT systems engineer."
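The selective-disclosure idea raised in the under-16 discussion is worth seeing concretely, because it is the mechanism that lets a verifier learn "over 16: yes/no" without receiving a date of birth. The Python below is an added example, not part of the panel or of RealMe; it is a simplified version of the salted-digest pattern used by SD-JWT, with an HMAC standing in for the issuer's real asymmetric signature and a constructed credential. The issuer signs only the digests of salted claims; the holder forwards the one disclosure the verifier needs; the verifier checks the signature and binds that disclosure to a signed digest before trusting it.

```python
"""Selective disclosure of a single claim from a signed credential (added example)."""
import base64
import hashlib
import hmac
import json
import secrets

# Stand-in for the issuer's signing key. A real deployment uses an asymmetric signature
# so that verifiers never hold anything that could mint credentials.
ISSUER_KEY = b"constructed-demo-issuer-key"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _digest(disclosure: str) -> str:
    return _b64(hashlib.sha256(disclosure.encode()).digest())


def issue(claims):
    """Issuer: one salted disclosure per claim; the signed payload carries only their digests,
    so a verifier learns nothing about claims the holder chooses not to reveal."""
    disclosures = {}
    for name, value in claims.items():
        salt = _b64(secrets.token_bytes(16))          # fresh salt defeats guessing a digest
        disclosures[name] = _b64(json.dumps([salt, name, value]).encode())
    payload = json.dumps({"iss": "example-issuer",
                          "_sd": sorted(map(_digest, disclosures.values()))}, sort_keys=True)
    sig = hmac.new(ISSUER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}, disclosures


def present(credential, disclosures, reveal):
    """Holder: forward the signed payload plus only the disclosures for the chosen claims."""
    return {"credential": credential, "disclosures": [disclosures[name] for name in reveal]}


def verify(presentation, issuer_key=ISSUER_KEY):
    """Verifier: check the issuer signature, then bind each presented disclosure to a digest
    in the signed payload. Returns only the revealed claims."""
    cred = presentation["credential"]
    expected = hmac.new(issuer_key, cred["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["sig"]):
        raise ValueError("issuer signature does not verify")
    signed_digests = set(json.loads(cred["payload"])["_sd"])
    revealed = {}
    for disclosure in presentation["disclosures"]:
        if _digest(disclosure) not in signed_digests:
            raise ValueError("disclosure is not bound to this credential")
        _salt, name, value = json.loads(_unb64(disclosure))
        revealed[name] = value
    return revealed


# Constructed credential for the under-16 check: the verifier needs only the predicate.
CLAIMS = {"given_name": "Aroha", "date_of_birth": "2012-03-04",
          "age_over_16": False, "city": "Wellington"}

if __name__ == "__main__":
    cred, disc = issue(CLAIMS)
    print(verify(present(cred, disc, ["age_over_16"])))
```

Two properties matter for the policy debate: the verifier receives a signed statement it can check, and the signed payload contains no name or date of birth, only salted digests, so a platform that stores the presentation has not collected the underlying identity data. Real deployments add decoy digests, holder binding and key management that this illustration omits.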


Published by

Monica Mina, Head of Product, Public Sector Network