“But to think a mandatory breach notification law is the silver bullet to cyber breaches is incorrect, although it is very good business for the compliance and insurance people.”
According to Ross, in citing global research, when such legislation is enforced through sizeable fines, businesses in fact do the “bare minimum” to meet the compliance standards in place.
“They don’t take a long-term approach in their cyber security strategy,” Ross added. “Attackers are becoming more sophisticated and we are of course becoming more connected, therefore more breaches will continue to grow with or without this law.
“This can’t be all the government does to protect New Zealand and its people, it will be a failure if it is.”
From a global perspective, worldwide spending on security-related hardware, software, and services is forecast to reach US$119.9 billion by 2021, triggered by new threats, increased regulations and digital investments.
Specific to the channel, more than 80 per cent of security spending during 2017 covered services and software, spearheaded by managed security services (US$15.25 billion) and integration services (US$12.5 billion).
“Cyber security breaches is a global issue that affect New Zealand organisations as much as it does international organisations,” Dimension Data head of security practice, Matthew Lord, told Reseller News.
“We believe that the proposed mandatory disclosure changes will have a positive impact, creating a level playing field of trust and a de facto minimum acceptable cyber security compliance requirement.”
Lord said the legislation would however mean that Kiwi organisations will have to increase overall maturity levels in the context of cyber security policies, processes and technologies.
“This is in order to avoid breaching their customer’s trust, or operating below acceptable cyber security standards should such a breach occur,” Lord explained.
“Dimension Data, part of NTT Group, has one of the largest cyber security companies in the world, and is already working with organisations to increase their level of cyber security maturity, including how they protect and respond to data breaches.”
As outlined by Plan B managing director, Ian Forrester, the digital economy and the resultant generation of data is growing "faster than ever before", with regulation "playing catch up".
“The world is moving to address this and if New Zealand is to remain competitive in an increasingly global economy, it will have to follow or risk getting left behind,” Forrester said.
“Australia has made the move to address data breaches so it is now only a matter of time before we do the same.
“When we do, penalties will have to apply if it is to have any impact so I would expect some significant changes in the way businesses operate, manage and protect their networks in the future, as this is the gateway to their most valuable asset, their data.”
Yet despite a channel consensus that change must be instigated at both government and business levels, challenges remain.
“Data breach notification is a very complex subject, it is double-edged and is not a silver bullet,” Datacom general manager of cyber security, Mark Ellis, told Reseller News.
“With that acknowledged, breach notification is an essential measure to meet our privacy and trust expectations (legal or morale).”
In looking ahead, Ellis said the government will need to "take care" to ensure that the processes defined deliver the outcome "everyone wants and needs" in New Zealand.
“As cyber risk continues to gain global visibility, having robust legislation will become an important component for international trade,” he added.
In 2018, Kiwi businesses will go to battle in the pursuit of recruiting cloud and security expertise, as the technology industry once again faces a skills shortage.
As digital transformation deployments increase across the country, coupled with potential new legislation, cloud and security will underpin board-level strategies in the next 12 months, as organisations seek both internal and external guidance.
“CCL remains very much client-focussed and ultimately in any data breach situation our focus is on what’s right for the client, and that may include notification,” CCL CTO, Jon Waite, added. “We believe all organisations should do the same.”