Good Security

Insights

What we'd want to know if we were running your business

These 16 live articles help New Zealand businesses understand what has changed, why it matters commercially, and what a sensible response looks like.

Start With What Matters

You do not need to read everything. Start with the business challenge that already feels real.

These are the four reading paths most business owners actually need.

Customer questionnaires and weak due diligence answers

Start here if customers, procurement teams, or partners are already exposing uncertainty.

Five Security Gaps That Keep Showing Up in NZ Businesses

The same five security gaps keep showing up in NZ businesses. None of them are technology problems.

17 Feb 2026 14 min read

Your MSP Is Not Your Security Team — And That Is Okay

MSPs and virtual CISOs serve different functions. Here is where MSP responsibilities end, where security governance begins, and how both work together.

30 Jan 2026 15 min read

Cyber insurance pressure and harder underwriting questions

Use these when insurers are forcing the issue before the business feels ready.

5 Things Your Cyber Insurer Will Ask — And How to Have Answers Ready

Cyber insurance applications are getting harder. Here are the five questions every NZ insurer asks and how to prepare.

5 Feb 2026 5 min read

The Three Controls That Get NZ Cyber Insurance Applications Declined

MFA, backup testing, and incident response plans — the three controls NZ insurers check first. Here is what they expect and where businesses fail.

3 Mar 2026 16 min read

Privacy and compliance obligations that are getting uncomfortably real

This is the cluster to read when Privacy Act, IPP 3A, or cross-border data handling is starting to matter.

What NZ Businesses Need to Know About IPP 3A Indirect Collection Notification Before May 2026

IPP 3A takes effect 1 May 2026. Here is what indirect collection notification means for NZ businesses and how to prepare.

7 Mar 2026 7 min read

What Happens When the Privacy Commissioner Comes Knocking — And How to Be Ready

Privacy complaints in NZ surged 21% last year. Here is how the Office of the Privacy Commissioner investigates and what evidence you need to have ready.

27 Feb 2026 14 min read

Leadership, ownership, and the missing security operating model

Read these when the real gap is strategic ownership, governance, or deciding what model fits.

Virtual CISO vs Full-Time Hire: The Real Cost Comparison for NZ Businesses

A full-time CISO costs $180K-$280K+. A Virtual CISO delivers the same outcomes from $1,750/month. Here's the honest comparison.

10 Feb 2026 5 min read

The Cybersecurity Missing Middle — Why NZ Small Businesses Are Trapped Between Bad Options

Full-time CISOs cost $200K+. MSPs do not cover governance. Big consultancies are too slow. Here is the option most NZ small and mid-sized businesses have not considered.

16 Jan 2026 15 min read

Featured insight

Compliance

IPP 3A Is 60 Days Away — A Plain-English Checklist for NZ Businesses

The Privacy Amendment Act 2025 takes effect on 1 May 2026. Here is your practical, step-by-step checklist to prepare for IPP 3A compliance.

28 Mar 2026

15 min read

Read article

Practical Security

12 min read

Your Cyber Insurance Renewal Is Coming — Here Is What Changed in 2026

NZ cyber insurance requirements have shifted dramatically. Here is what underwriters are demanding in 2026 and how to prepare before your renewal.

14 Mar 2026

Compliance

9 min read

Using Cloud Services? Here is What IPP 12 Means for Your Data

IPP 12 governs cross-border disclosure of personal information. Here is what NZ businesses using cloud services need to know.

7 Mar 2026

Compliance

7 min read

What NZ Businesses Need to Know About IPP 3A Indirect Collection Notification Before May 2026

IPP 3A takes effect 1 May 2026. Here is what indirect collection notification means for NZ businesses and how to prepare.

7 Mar 2026

Practical Security

16 min read

The Three Controls That Get NZ Cyber Insurance Applications Declined

MFA, backup testing, and incident response plans — the three controls NZ insurers check first. Here is what they expect and where businesses fail.

3 Mar 2026

Compliance

14 min read

What Happens When the Privacy Commissioner Comes Knocking — And How to Be Ready

Privacy complaints in NZ surged 21% last year. Here is how the Office of the Privacy Commissioner investigates and what evidence you need to have ready.

27 Feb 2026

Practical Security

14 min read

The 10-Minute Security Check Every NZ Business Owner Should Do This Weekend

Five simple questions that reveal your biggest security gaps. No jargon, no tools required — just 10 minutes and honest answers.

24 Feb 2026

Compliance

15 min read

Government Suppliers: NZISM Compliance Does Not Have to Cost $100K

NZISM requirements are increasingly flowed down to government suppliers. A practical, scope-driven path for small and mid-sized NZ businesses without an enterprise budget.

21 Feb 2026

Practical Security

14 min read

Five Security Gaps That Keep Showing Up in NZ Businesses

The same five security gaps keep showing up in NZ businesses. None of them are technology problems.

17 Feb 2026

Practical Security

14 min read

Why Most Security Policies Are Useless — And What to Do Instead

Template policies that sit in a drawer do not protect your business. Here is what living, evidence-based security policies look like and why they matter.

13 Feb 2026

Leadership

5 min read

Virtual CISO vs Full-Time Hire: The Real Cost Comparison for NZ Businesses

A full-time CISO costs $180K-$280K+. A Virtual CISO delivers the same outcomes from $1,750/month. Here's the honest comparison.

10 Feb 2026

Compliance

15 min read

Healthcare Providers: The HIPC Requirements Your MSP Is Not Covering

The Health Information Privacy Code demands more than infrastructure security. Here are the governance gaps your managed service provider cannot fill.

6 Feb 2026

Practical Security

5 min read

5 Things Your Cyber Insurer Will Ask — And How to Have Answers Ready

Cyber insurance applications are getting harder. Here are the five questions every NZ insurer asks and how to prepare.

5 Feb 2026

Leadership

15 min read

Your MSP Is Not Your Security Team — And That Is Okay

MSPs and virtual CISOs serve different functions. Here is where MSP responsibilities end, where security governance begins, and how both work together.

30 Jan 2026

Leadership

15 min read

What a Modern Security Programme Actually Looks Like for a 50-Person Company

Here is exactly what happens when a 50-person NZ company engages a virtual CISO — month by month, no jargon, real outcomes.

23 Jan 2026

Leadership

15 min read

The Cybersecurity Missing Middle — Why NZ Small Businesses Are Trapped Between Bad Options

Full-time CISOs cost $200K+. MSPs do not cover governance. Big consultancies are too slow. Here is the option most NZ small and mid-sized businesses have not considered.

16 Jan 2026

Need to turn one of these issues into a concrete next step?

Start with the 2-minute scorecard if you need a fast benchmark, then move to the detailed health check when you want a clearer gap view.

Book a Free Consultation Take the 2-Minute Security Scorecard