Skills shortage grips NZ critical organisations


By Dylan Bushell-Embling
Thursday, 01 November, 2018


Skills shortage grips NZ critical organisations

More than half of New Zealand’s nationally significant organisations have a shortage of skilled security staff, and only 63% have a dedicated cybersecurity incident response plan.

These are among the findings of New Zealand’s Government Communications Cybersecurity Bureau’s first benchmark assessment (PDF) of the cyber resilience of 250 such organisations.

The report found that while 73% of organisations have increased their spending on cybersecurity, there has been a focus on tools and vulnerability assessment at the expense of hiring more people.

The assessment shows that only 45% of the organisations surveyed have invested in hiring more security staff in the past 12 months, while 54% have invested in IT staff training. By contrast, 70% have invested in new security tools, 61% in vulnerability assessments and 55% in security audits.

As a result, 52% of organisations report having insufficient skilled staff for their security requirements.

In addition, only 38% of organisations surveyed had some form of separation between their cybersecurity and general IT budgets, leaving cybersecurity budgets at risk of being cannibalised for non-security-related IT projects.

This lack of separation also extends to roles, with only 38% of organisations reporting having full-time IT security staff, and only 19% of organisations having a dedicated chief information security officer.

The increased spending on cybersecurity has also not necessarily translated to increased confidence in cybersecurity resilience. The assessment found that 41% of the nationally significant organisations are only mildly confident or not confident in their ability to detect an intrusion.

The report also shows that only 63% of the organisations have a dedicated cybersecurity incident response plan, and of these, 33% have not tested it in the past year.

“The survey is the first of its kind in New Zealand and provides a useful benchmark for cybersecurity resilience across New Zealand’s nationally significant organisations,” GCSB Director-General Andrew Hampton said.

“Overall it appears that digital transformation is outpacing investment in cybersecurity and as a result we found a range of resilience levels. While most organisations are heading in the right direction, more work needs to be done to improve cyber resilience across the board.

Meanwhile, the GCSB has updated the New Zealand Information Security Manual (NZISM) for government departments to include new controls and a section on power filters, as well as clarification around waivers and exceptions to the manual’s requirements.

Image credit: ©stock.adobe.com/au/robsonphoto

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.

Related News

DTA considering TDIF privacy legislation

The DTA is exploring ways to enshrine the privacy requirements of the Trusted Digital Identity...

NT child protection workers receive tablet devices

Frontline child protection workers are receiving mobile tablet devices to help them create safer...

NZ's OPC to move data to Azure servers

New Zealand's Office of the Privacy Commissioner has arranged to store its application and...


  • All content Copyright © 2018 Westwick-Farrow Pty Ltd