Good Security

Insights

What we'd want to know if we were running your business

These 17 live articles help New Zealand businesses understand what has changed, why it matters commercially, and what a sensible response looks like.

Book a Free Consultation Take the 2-Minute Security Scorecard

Start With What Matters

You do not need to read everything. Start with the business challenge that already feels real

These are the four reading paths most business owners actually need.

Customer questionnaires and weak due diligence answers

Start here if customers, procurement teams, or partners are already exposing uncertainty.

Five security gaps that keep showing up in NZ businesses

The same five security gaps keep showing up in NZ businesses. None of them are technology problems.

17 Feb 2026 14 min read

Your MSP Isn't Your Security Team

MSPs handle infrastructure. Security ownership covers risk, policy, reporting, and incident command. Here is where the line sits and how both roles work together.

30 Jan 2026 14 min read

Cyber insurance pressure and harder underwriting questions

Use these when insurers are forcing the issue before the business feels ready.

5 things your cyber insurer will ask you

Cyber insurance applications are getting harder. Here are the five questions every NZ insurer asks and how to prepare.

5 Feb 2026 5 min read

Three controls that get cyber insurance declined

MFA, backup testing, and incident response plans — the three controls NZ insurers check first. Here is what they expect and where businesses fail.

3 Mar 2026 15 min read

Privacy and compliance obligations that are getting uncomfortably real

This is the cluster to read when Privacy Act, IPP 3A, or cross-border data handling is starting to matter.

IPP 3A starts May 2026. You need a process

IPP 3A changes the rules for referrals, background checks, partner handoffs, and any other indirect collection. What NZ businesses need to fix before 1 May 2026.

7 Mar 2026 7 min read

If the Privacy Commissioner contacts you

A practical guide to how the Office of the Privacy Commissioner investigates, what evidence they ask for, and what NZ businesses should have ready before a complaint lands.

27 Feb 2026 14 min read

Strategic ownership, governance, and the missing security operating model

Read these when the real gap is strategic ownership, governance, or deciding what model fits.

You don't need a full-time CISO. You need a real owner

A full-time CISO costs $180K–$280K+. For a 10-to-500-person NZ business, that's the wrong question. Here's what it costs to put a real security owner in the seat without hiring an executive.

10 Feb 2026 5 min read

The Cybersecurity Missing Middle for NZ Businesses

Full-time CISOs cost $200K+. MSPs do not cover ownership, reporting, or evidence. Big consultancies are too slow. Here is the missing middle most NZ businesses have not considered.

16 Jan 2026 15 min read

Featured insight

Compliance

IPP 3A starts 1 May 2026 — the NZ checklist

If your business gets personal information from referrals, recruiters, brokers, or partner systems, this is the practical checklist to get ready before 1 May 2026.

28 Mar 2026

15 min read

Read article

Practical Security

12 min read

Your cyber insurance renewal — what changed in 2026

NZ cyber insurance requirements have shifted dramatically. Here is what underwriters are demanding in 2026 and how to prepare before your renewal.

14 Mar 2026

Compliance

9 min read

Using cloud services? Here's what IPP 12 means for your data

IPP 12 governs cross-border disclosure of personal information. Here is what NZ businesses using cloud services need to know.

7 Mar 2026

Compliance

7 min read

IPP 3A starts May 2026. You need a process

IPP 3A changes the rules for referrals, background checks, partner handoffs, and any other indirect collection. What NZ businesses need to fix before 1 May 2026.

7 Mar 2026

Practical Security

15 min read

Three controls that get cyber insurance declined

MFA, backup testing, and incident response plans — the three controls NZ insurers check first. Here is what they expect and where businesses fail.

3 Mar 2026

Compliance

14 min read

If the Privacy Commissioner contacts you

A practical guide to how the Office of the Privacy Commissioner investigates, what evidence they ask for, and what NZ businesses should have ready before a complaint lands.

27 Feb 2026

Practical Security

14 min read

The 10-minute security check every owner should do

Five simple questions that reveal your biggest security gaps. No jargon, no tools required — just 10 minutes and honest answers.

24 Feb 2026

Compliance

14 min read

Government contracts stuck on NZISM questions

Government agencies are pushing NZISM requirements down to suppliers. How to scope what actually applies, avoid the six-figure panic, and get ready for the procurement conversation.

21 Feb 2026

Practical Security

14 min read

Five security gaps that keep showing up in NZ businesses

The same five security gaps keep showing up in NZ businesses. None of them are technology problems.

17 Feb 2026

Practical Security

13 min read

Security Policies That Hold Up Under Pressure

Template policies do not protect the business if they are stale, generic, or untested. Here is what a living policy set looks like and how to spot the difference.

13 Feb 2026

Governance

5 min read

You don't need a full-time CISO. You need a real owner

A full-time CISO costs $180K–$280K+. For a 10-to-500-person NZ business, that's the wrong question. Here's what it costs to put a real security owner in the seat without hiring an executive.

10 Feb 2026

Governance

5 min read

Virtual CISO vs full-time hire — the real NZ cost

A full-time CISO costs $180K-$280K+. A Virtual CISO delivers the same outcomes from $1,750/month. Here's the honest comparison.

10 Feb 2026

Compliance

14 min read

Healthcare providers — the HIPC gap your MSP doesn't cover

HIPC and IPP 3A create privacy and notification work around patient information that normal IT support does not own. Here is what to close before 1 May 2026.

6 Feb 2026

Practical Security

5 min read

5 things your cyber insurer will ask you

Cyber insurance applications are getting harder. Here are the five questions every NZ insurer asks and how to prepare.

5 Feb 2026

Governance

14 min read

Your MSP Isn't Your Security Team

MSPs handle infrastructure. Security ownership covers risk, policy, reporting, and incident command. Here is where the line sits and how both roles work together.

30 Jan 2026

Governance

14 min read

Monthly Security Support for a 50-Person Business

A month-by-month look at what changes when a 50-person NZ business gets external security support: ownership, policies, response plans, and reporting.

23 Jan 2026

Governance

15 min read

The Cybersecurity Missing Middle for NZ Businesses

Full-time CISOs cost $200K+. MSPs do not cover ownership, reporting, or evidence. Big consultancies are too slow. Here is the missing middle most NZ businesses have not considered.

16 Jan 2026

What Happens Next

Need to turn one of these issues into a real plan?

Use the 2-minute scorecard for a fast benchmark. Book a working session when customer questions, insurer pressure, privacy obligations, or leadership scrutiny are already live.

Book a Free Consultation Take the 2-Minute Security Scorecard