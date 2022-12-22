Credit: Dicker Data

Given the pace of change, scale of digitalisation and evolution of sophisticated new cyber threats, it’s no longer a matter of ‘if’ but ‘when’ an attack will strike.

According to Gartner, cyber security was the number one priority in A/NZ when it came to CIOs’ investment plans during 2022.

However, whether customers are fully equipped to deal with the aftermath remains up for debate. While some Kiwi customers are attempting to mitigate an attack’s impact on business operations, many still are not.

Dell Technologies APJ principal engineer and field chief technology officer lead, Arron Patterson, shared one of the biggest challenges customers face is lack of expertise.

“Businesses are maturing in their approach to cyber resilience and understand they need to plan to protect and recover an entire business process,” Patterson said.

“There are big gaps with lack of skills and expertise in the marketplace, and a confusingly broad range of interlocking products to appropriately protect the range of capability required to deliver each business process – so an equal effort is being allocated to ensure a fast and resilient recovery mechanism.”

Further, legacy applications and outdated infrastructure that don’t have the same cyber protections as newer counterparts, are creating vulnerabilities within a customer’s environment but also can be some of the hardest services to restore once compromised.

In the event of a cyber attack, customers need to have a plan on how they can restore their business operations as quickly as possible.

In addition to legacy apps, Vega Global sales director Stephen Ward pointed to financial considerations as a challenge for businesses. Defining the difference between the cost of a solution versus the cost to the business will become vital.

“Should a cyber attack occur and a data breach be made, most IT budgets don’t fully cater for this scenario at present,” he said.

Dicker Data’s Microsoft Security business development manager, Paul Caldwell, reflected the notion that lack of knowledge is the biggest challenge for partners.

According to Caldwell, there is a diverse level of cyber maturity amongst New Zealand partners. He says there is a need to shift the current belief that cyber resilience is threat protection to understanding that cyber resilience indicates an organisation’s ability to prevent, respond to and recover from cyber attacks.

“Cyber resilience requires security teams to move beyond strict threat prevention and to incorporate technologies that can mitigate the damage from sophisticated cyber threats like ransomware and insider attacks and recover data quickly after an attack,” Caldwell said.

This lack of understanding around cyber resilience presents another top challenge for businesses – knowing who to turn to in the instance of a breach.

“They all want to know but no one can help,” Caldwell continued. “Some mature IT partners have recognised this and provide a fully documented incidence response (IR) as well as IR retainers.”

Compliance risk and insurance

At the same time, customers are forced to deal with ever-changing compliance regulations that have caused wide-ranging implications for data ownership and cyber security insurance.



Regulatory compliance is now top of the agenda in the board room, Patterson said, due to increased focus from authorities across the globe.

As a result, it has become critical for partners to proactively safeguard themselves and their customers against a damaging attack that renders data unrecoverable, as insurance providers are now taking a far more conservative approach as well as increasing prices.

Ward highlighted businesses with a work from home (WFH) policy as an area of risk for management of cyber awareness. This spans personal devices and dual factor authorization, as well as cloud management of drives and access via home devices.

Furthermore, an area that all businesses that operate in New Zealand should be thinking about is the location of ‘the cloud’ and data sovereignty issues. Any data held outside of New Zealand is a concern for potential cyber threat weakness, and requires collaboration between public and private organisations to mitigate risk.

“A non-collaborative approach and businesses not adequately protecting themselves would be a very poor outcome for New Zealand,” Ward said.

Caldwell reflected the challenge of liability as a key issue that has arisen through navigation of cyber resilience strategies, again driving the importance for partners to have a incident plan alongside a recovery plan.

“Lack of planning and awareness combined with a lack of security resource has resulted in implementation of unsafe practices or shifting of responsibility to try and avoid liability.

“Vendors have long recognised that the reputation of their products is dependent on responsible implementation. Hence, we see more and more requirements for skilling and customer success being attributed to implementation partners.

“Cyber insurance is driving verification of controls and considering the IT provider’s track record in assessing risk. Business disruption must be minimised so insurance underwriters are requiring not just a documented tested incident plan but also a recovery plan,” Caldwell said.

Cyber insurance is a rapidly changing environment. Following proper business-led risk management will reduce the need to call on an insurer in the first place and assists in demonstrating to insurers that you understand and have adequately managed your risk resulting in lower premiums.

In the case of a breach, a resilience plan will limit the scope and breadth of the breach and reduce the risk of coverage not being provided due to complex policy exclusions being triggered.

Opportunities abound

Collaboration through strategic partnerships is the key to developing and creating a point of difference for New Zealand’s cyber security market and the prosperity of the country as a whole.



Considering the global skills shortage and the normalisation of remote work, local companies are now competing on a global scale for talent. Building relationships and strengthening partnerships with security firms will require a shift towards greater collaboration across the market.

Ward said “there is a real opportunity to work together and instead of seeing the supply of cyber tools as a competitive environment, seeing it as an opportunity to strengthen New Zealand’s cyber resilience through outsourcing.

“Data security knowledge sharing and collaboration will be the key to the entire country growing. I’d hope that New Zealand businesses could see this market as an opportunity to grow the ‘New Zealand brand’ in terms of being a tech hub and a safe place to do business.”

For Caldwell, cyber security is the key to enhancing productivity through reducing risk and increasing confidence. Partners can achieve this by reducing listening closely to customers to understand their needs and provide maximum value.

Positioning security as a key part of a partner’s service offering is where Caldwell expects the market to continue to evolve, alongside specialising in a particular vertical.

Specialisation allows partners to demonstrate an understanding of their customer’s business, its challenges, and better communication of how their offering meets those challenges.

“The New Zealand market is transitioning from generalist IT resellers to vertical industry focused specialists,” Caldwell said.

“The most successful partners are going to market with a bundled offering which should include a cyber resilience offering that is implemented correctly.”

Dell Technologies channels APJ multi-cloud and APEX lead, Damian Murdoch, also sees a large opportunity and market demand to define and execute against cyber resiliency as-a-service.

“The skills of not only understanding cyber regulations but then translating that into technology solutions delivering outcomes is mostly beyond the means and core business of the customer base,” he said.

“Partners have the opportunity to leverage those skillsets together to create profitable, repeatable outcomes for their customer base that deliver security and peace of mind.

“Every project will have to include a mandatory security component and cyber resiliency program of works which in the past hasn’t always been the case. The market will continue to grow in size and complexity and skillsets will continue to evolve, as will legislation.”