Last week, the National Cyber Security Summit returned to Tākina, Wellington, bringing together hundreds of delegates and a wide cross‑section of the cyber ecosystem — from government and critical infrastructure to enterprises, SMEs, vendors, advisors, and researchers. Delivered by us alongside Brightstar, across two packed days, the Summit delivered what it does best: informed perspectives, practical lessons, and the kind of real-world conversations that help strengthen New Zealand’s collective resilience.
A consistent message ran through the programme: cyber security is not just a technical risk. It is an existential business risk and a national resilience issue — and one of the few domains where every single person has a role to play. Whether you’re a board member setting risk appetite, a security leader managing controls, a supplier connecting into another organisation’s environment, or an everyday user making daily choices, cyber outcomes are shaped by people, process, and technology working together.
Key themes that stood out across the Summit:
- National resilience and the evolving threat landscape
The Summit opened with a strong strategic lens, focusing on what it takes to build resilience at a national and organisational level. Across sessions, the direction of travel was clear: threat actors continue to evolve, and the cost of inaction continues to rise. The conversation also reinforced the importance of treating cyber resilience as an ongoing capability — not a one-off project. - Visibility, identity, and governance as foundations
Many sessions returned to the foundational question: can you protect what you can’t see? From identity and access management through to governance, risk, and compliance, the Summit reinforced that strong security posture increasingly depends on clear accountability, good information, and the ability to make fast, informed decisions. - Incident response: practice, leadership, and communication
Incident response wasn’t framed as an “IT-only” activity. Speakers emphasised readiness and rehearsal, the importance of clear leadership during an incident, and the role of communication in maintaining trust — both internally and externally. The overall sentiment: plans matter, but practice and coordination matter more when pressure hits. - The human factor and the skills pipeline
The Summit also looked forward: attracting talent, building capability, and raising awareness. As threats scale and technologies change, the need for diverse skillsets — technical, strategic, operational, and communications — is becoming even more urgent.
This year also saw Digitising Government New Zealand run concurrently with the Summit. Its first year was a strong start — adding public sector transformation, trust, equity, and citizen‑centric delivery into the broader week of resilience conversations. The overlap between digital government and cybersecurity themes was clear and valuable. You can read our wrap-up on this event here.
A huge thank you to everyone who contributed to the Summit — our speakers, sponsors, partners, and delegates.
Sponsors:
Cyble; Veeam Software; Huntress; Zscaler; PwC New Zealand; Fortinet; KnowBe4; Cloudflare; ManageEngine Australia and New Zealand; NinjaOne; Datacom; HCLSoftware; Lumify Work New Zealand (formerly Auldhouse); Cisco; CyberCX; Arctic Wolf; Netskope; Mobile Mentor; Theta (NZ); Resilient IT; F5; netQ NZ; Insta Solutions Limited; Belkin; Oneconsult; Sydekick; Acronym IT NZ; Kordia; Blacklock Security; Middleware New Zealand; AdvantageNZ; Crest International; Palo Alto Networks.
Supporting org: Tech Users Association New Zealand (TUANZ)
Speakers:
Kendra Ross; Graeme Muller; Michael Jagusch; Kapil B.; Michael Webster; Eli Hirschauge; Philip Riley; Simon Burson; Robyn Campbell; David Allott; Joe Gillett; Sujith Immanuel Pellican; Harman Nagra; Etienne Lambert; Lee Faldo; Nicole Henry; Reece Appleton; Eric Swift; Giovanni Russello; Professor Monica Whitty; Anthony Cooke.
We’ll be sharing more commentary and reflections from the Summit in the coming weeks — including recurring themes we heard from attendees and what they mean for the year ahead.
If you’d like to continue the conversation later this year, join us at the Cybersecurity Risk Conference 2026 in Auckland this September — Register your interest here.