STRATEGIC CYBERSECURITY ADVISORY · AOTEAROA NZ

Senior-level advisory for organisations that have outgrown compliance checklists but don’t need Big 4 overhead.

Strategic Signals

Monitoring the frequency of incidents across Aotearoa New Zealand where operational risk has transitioned into direct business failure.

MAY 2026

Brinks New Zealand

Major poultry processor listed on darknet leak site. Disruption underscores the fragility of food supply logistics.

MAY 2026

University Canvas Hack

Global breach via Instructure: ShinyHunters. Impacted 9,000 schools.

FEB 2026

MediMap Incident

Integrity breach where medication records and demographic data were tampered with.

JAN 2026

McKay (Whangārei)

Listed by Mnt6 group. Highlights critical contractor vulnerabilities and unauthorized device-level access.

JAN 2026

Langley Twigg Law

300GB of client files and passport scans exfiltrated by Anubis group. Significant exposure.

DEC 2025

Manage My Health

120,000+ patient documents compromised. Proves compliance is not a substitute for resilience.

OCT 2025

Qantas Data Incident

Records of 5.7 million customers exposed via Scattered Spider. Perimeters have limits.

MAR 2024

Nissan Australia & NZ

Impacted 100k+ individuals. Akira group published sensitive identity documents on the dark web.

Operational risk is business risk.

Senior Architectural Authority Direct translation of technical risk into business impact for Boards and SMEs across Aotearoa.

AI-Augmented Risk Compounding Rapid GenAI adoption is compounding unaddressed legacy risks. Strengthening Data Governance is no longer optional.

Pragmatic Gap Analysis Moving beyond checkbox compliance with STAR and PROBE methodologies that surface operational gaps.

“Direct financial losses reported to the NCSC totalled $12.4 million in Q3 2025: a 118% increase from the previous quarter.” NCSC Q3 2025 Cyber Security Insights

“The gap between how quickly leaders believe they can recover and how long recovery actually takes is a preparedness problem.” Collin Penman, CISO, Datacom (April 2026)

“Cyber incidents now carry direct consequences for real-world activities, not just data.” NZ Cyber Security Strategy 2026-2030