Research & Reports

What NZ's cyber leaders are actually dealing with.

In-depth research on how New Zealand organisations govern cyber risk. Perspectives from CROs, CISOs, and practitioners across the private and public sectors.

2026Industry ReportPublic & Private Sector

Cyber Resilience and Governance in New Zealand

Based on in-depth interviews and a practitioner survey across New Zealand's private and public sectors, this report captures how CROs, CISOs, and cyber practitioners are navigating risk appetite, board reporting, framework adoption, and the growing gap between compliance on paper and real organisational resilience.

Published by

Speculo

What's inside

  1. 1

    Foreword

    David Turner, CEO RiskNZ, and Kirsten Patterson MNZM, CEO Institute of Directors — on the state of cyber governance in Aotearoa.

  2. 2

    Chief Risk Officers

    Risk appetite, board reporting, and investment decision-making: what NZ CROs are prioritising and where the gaps are.

  3. 3

    Chief Information Security Officers

    Framework adoption, shadow IT, and how CISOs translate technical risk into governance language for executive teams.

  4. 4

    Cyber Practitioners

    Survey findings on maturity levels, leadership engagement, and the practitioner-to-governance gap across large NZ organisations.

  5. 5

    Sector Highlights

    Private sector vs public sector: a direct comparison of cyber posture, resourcing, board engagement, and confidence.

  6. 6

    Final Thoughts

    Chris Hawksworth, CEO, Speculo — on the gap between knowing and doing, and what comes next.

Speculo · 2026

Cyber Resilience and Governance in New Zealand

Public & Private Sector Edition

Free

Get the report

Enter your email and we'll send the PDF straight to your inbox.

Free. No spam.

Voices from the field

What NZ security leaders told us.

Too many people hit by breaches have chaos because they never planned for a bad day.
CISO, NZ Central Government Agency
There's a vast difference in capability and maturity across government. Everyone uses different providers and approaches, yet systems are increasingly interlinked — that's risky.
CIO, Crown Research Institute
One of the biggest risks is a cyber incident through that third party. It's critical that you've got clear accountability of management of cyber risks for third parties as well.
CRO, Financial Crime Manager, NZ Bank

See how Speculo helps NZ organisations close the gap.

Book a walkthrough and see the platform your peers are using to assess and manage cyber risk.

Get a demoSee the platform