Cyber incident activity in New Zealand increased over the December–January period

While root causes are still emerging, the pattern reinforces a clear message: now is the time to lift vigilance, validate exposure, and ensure third-party risks are actively managed.

Three actions to prioritise now:

1. Increase threat awareness across the organisation
2. Validate exposure and address visible weaknesses
3. Strengthen third-party risk management and response readiness

Cyber resilience is not about preventing every incident — it’s about being ready to respond and recover.

Increased Incident Activity in New Zealand

New Zealand organisations and their customers. As is always our position at DEFEND, we do not comment on active incidents until full review and analysis has been completed.

However, the volume and visibility of recent incidents provide a timely opportunity for organisations to review their own posture, exposure, and
readiness.

This update focuses on practical actions, not technical detail.

1. Threat Awareness: Lift the Baseline

An increase in incidents does not automatically indicate a coordinated campaign targeting New Zealand. However, it does justify heightened vigilance.

Organisations should ensure that:

• Monitoring is operating as expected
• Security teams are prepared for increased alert volumes
• People remain alert to unusual emails, calls, or messages

Threat awareness is about readiness, not alarm.

2. Exposure Awareness: Reduce the “Obvious Targets”

After incidents, public commentary often highlights potential weaknesses.
areas of focus for attackers.

Regardless of whether these are confirmed causes, they can quickly become areas of focus for attackers.

Organisations should review:

• Website and web server security, including baseline controls and configuration
• Certificates and encryption, ensuring trusted certificates and appropriate standards
• DNS settings, including removal of unused records and use of DNS security
• Email security, including SPF, DKIM, DMARC and, where supported, MTA-STS

These areas are highly visible and commonly targeted. Addressing them reduces
unnecessary exposure.

3. Third-Party Risk: A Shared Responsibility

Recent incidents again highlight how dependent organisations are on third parties.

It is important to ensure that:

• Key suppliers have been assessed for impact and risk
• Monitoring and assurance are ongoing, not one-off
• Response plans for third-party compromise are understood and tested

Third-party risk management is no longer a box-ticking exercise — it directly affects resilience.

Supporting People: Staff and Customers

Periods of increased incident activity naturally raise concern, even for those not directly affected.

This is an opportunity to:

• Reassure people about how data is protected
• Share practical guidance on personal cyber safety
• Reinforce shared responsibility for good cyber hygiene

Simple steps — such as checking exposure through Own Your Online or Have I Been Pwned, enabling strong authentication, and keeping devices updated – make a real difference.

Final Thought

The key question is no longer “Can incidents be avoided?” It is “Are we prepared to respond and recover if they occur?”

Cyber resilience is built through preparation, visibility, and tested response — long before an incident happens.

If you would like support reviewing exposure, validating controls, or testing response readiness, DEFEND is happy to help.