Cyber at speed: Building trust in a faster, riskier digital era



New Zealand’s National Cyber Security Centre recorded 133 incidents of potential national significance in the first six months of 2025. If that number represented floods or fires, it would dominate headlines. What must change for cyber to gain attention?

Many organisations in New Zealand are accelerating their digitisation efforts, and some are trialling artificial intelligence to boost productivity. Yet against a geopolitically complex backdrop, with rising state-linked activity and hacktivism, cyber investment is falling behind the pace of technological change.

Pace, complexity and the cyber gap

Once, organisations might have launched a new system every few years. Today, updates drop weekly and new features arrive at speed. AI adoption compounds complexity.

Too often, cyber is bolted on at the end as a compliance check. But think of cyber as the internal Lego connectors that hold a model together. You do not see the connectors, but they’re critical. If you skip them and try to add them after the build, the whole thing falls apart. That’s why secure-by-design approaches, continual monitoring and embedded security must be part of the design from day one.

The 2025 EY Global Cybersecurity Leadership Insights Study shows why this matters. In Oceania, just 12% of chief information security officers (CISOs) told us they are consulted early when strategic decisions are made.

From cost to value

CISOs understand the challenge. Boards understand the consequences. But there are still strategic stakeholders who see cyber as an expense rather than an enabler.

That’s partly because value can be hard to articulate. The EY study found 58% of CISOs in Oceania say it’s difficult to explain their contribution beyond risk protection.

Yet, when cyber is embedded early, it becomes the quiet engine of value creation. It fuels ideation, with one participant in our study noting “a secure digital space for our innovation lab allowed creative projects to thrive”. It elevates customer experience, with another explaining how an advanced security framework “allowed seamless scaling during peak business periods, reducing delays.” It strengthens reputation, as “customer complaints are resolved faster,” said a third.

These examples illustrate why every dollar invested in value-creation initiatives delivers a far greater return – generating outcomes 6.6 times higher than traditional security spend.

From lessons to levers

The EY research offers three lessons for New Zealand companies uplifting their cyber capabilities:

  1. Reframe the cyber role: Don’t position cyber as an after-the-fact guardian. Operational teams need to see it as an enabler of transformation – the factor that lets projects go faster, scale safely and earn trust.
  2. Quantify cyber’s value: Cyber isn’t just insurance. Globally, security functions add a median of US$9 million to each enterprise-wide initiative, typically accounting for 11–20% of the value created. Bring cyber in early and deliver more outcome for the same spend.
  3. Build trust in AI adoption: New Zealand organisations are racing ahead with AI pilots, but only 42% of cybersecurity functions are meaningfully involved in helping other functions adopt AI. That leaves a big exposure. Every new tool, workflow or data feed needs cyber at the table from day one – or the risks compound faster than they can be managed.

Cyber isn’t a compliance task. It’s a capability multiplier. Embrace that, and New Zealand companies can turn today’s background risk into tomorrow’s competitive advantage.

This article is part of our five-article series, Cyber at the speed of machines. Catch up on Richard Bergman’s overview and Meaghan Stackpole’s perspective on consumer businesses. Other instalments are also available: Clement Soh on the energy & resources sector, and Dave Ruzicka on how cyber can help governments strengthen citizen trust.

The views expressed in this article are the views of the author, not Ernst & Young. This article provides general information, does not constitute advice and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.