The New Zealand Office of the Auditor-General has initiated a thorough investigation into the governance of cybersecurity risks across select public entities, as outlined in its 2023/24 strategy.
This probe underscores the critical importance of cybersecurity measures in safeguarding essential public sector information infrastructure.
This investigative audit will scrutinise the efficacy with which a varied group of public organisations manages cybersecurity risk readiness and response mechanisms. Selection criteria for these organisations included diversity in their operational scope, size, and geographical presence to ensure comprehensive coverage.
The audit aims to highlight best practices and drive enhanced cybersecurity risk management governance across the public sector.
With the evolution of technology, managing cybersecurity risks has become increasingly complex. The audit will address how these organisations are prepared for both existing and nascent threats that stem from outdated systems and the advent of new technologies like generative AI, cloud computing, and various service-based digital offerings.
Key areas of focus for the audit include the effectiveness of cybersecurity risk governance within the chosen public entities. This involves assessing how well these entities identify, comprehend, and mitigate cybersecurity risks and vulnerabilities to their data and/or services.
Additionally, the audit will evaluate the processes in place for enabling, overseeing, and reviewing cyber security risk management strategies within these organisations.
The ultimate goal of the Office of the Auditor-General is to reassure both the New Zealand Parliament and its citizens about the governance of cybersecurity risks within its public institutions. Through identifying and promoting effective cybersecurity management practices, the audit seeks to bolster governance in this critical area.
Following the audit's completion, a detailed report will be presented to Parliament and made available on the auditor-general's website by the end of 2024. The office invites public interaction regarding the audit through a dedicated feedback form on its site, welcoming questions, suggestions, or discussions related to the audit's scope and objectives.
A recent survey revealed that New Zealanders want stricter penalties for companies facing cybersecurity breaches, with a majority of respondents claiming that the current maximum fine for such breaches is too lenient.
