New Zealand’s insurance sector is being urged to reconsider its approach to cybersecurity, as industry experts highlight the growing limitations of prevention-focused strategies.
The National Cyber Security Centre (NCSC) recently released its Cyber Security Insights report for the second quarter of 2025 (Q2 2025), revealing ongoing challenges for New Zealand businesses. The NCSC recorded 1,315 cyber security incidents between April and June, with scams and fraud remaining the most frequently reported threats.
Shift from prevention to resilience
In an exclusive interview with TechDay, Brett Chase, senior director of sales engineering for Australia and New Zealand at Cohesity, addressed the changing landscape, noting that the unpredictability and complexity of cyber attacks now demand a broader focus on resilience.
He described how cyber incidents have become more sophisticated, often remaining undetected until significant harm has occurred.
“Cyber attacks are not linear. They’re not like someone deleting a file or a server going down. They’re unpredictable, widespread, and often invisible until it’s too late,” Chase said.
Chase, who has worked in data management and security for over two decades, observed that the sector has moved from traditional backup and recovery to more comprehensive resilience frameworks.
Legacy systems under scrutiny
According to Chase, the industry’s perspective on backup systems began to change around 2015, following a series of high-profile breaches. He explained that while backups were once considered secure, attackers now target both primary and backup data.
“The backups were historically protected behind the IT department’s walls, which made them seem secure. But attackers now target not just your primary data but your secondary data – the backups,” he said.
Collaboration across the ecosystem
Chase described cyber resilience as a collaborative effort, involving partnerships with global technology firms and regional integrators.
“No one vendor can solve this alone. We’re the leader in our space, but our power comes from how we integrate with others,” he said.
He also highlighted the need for closer cooperation between infrastructure and security teams, noting that both disciplines must align to ensure effective recovery and prevention.
Market trends and future challenges
Chase reported that Cohesity has seen increased demand from mid-market organisations in New Zealand, as awareness of cyber risks grows.
He pointed out that while larger enterprises are more likely to invest in resilience, smaller businesses remain vulnerable to attacks and are often targeted by cyber criminals.
A survey commissioned by the NCSC and conducted by The Research Agency found that 53% of New Zealand’s small and medium-sized enterprises (SMEs) experienced a cyber threat in the past six months, up from 36% the previous year.
The impact of artificial intelligence
Artificial intelligence is playing a larger role in both cyber attacks and defence strategies.
Chase noted that both sides are leveraging AI to gain an advantage, making data management and protection more critical than ever.
“Ultimately, it might be our AI fighting their AI. But what fuels AI is data. That’s why securing and managing data is more important than ever,” he said.
He concluded that the responsibilities of technical advisors are expanding, with clients increasingly seeking guidance on navigating the evolving threat landscape.
“Data will be the core. How we manage and protect it will define how well we handle what's coming,” Chase said.
Insurance Business NZ
