A recent survey by Datacom reveals a concerning gap in cybersecurity preparedness among organizations in New Zealand and Australia. While many businesses express confidence in their cyber defenses, only a small percentage have formal recovery strategies in place to handle major cyber incidents effectively.
According to the findings, just 30% of New Zealand organizations have implemented a business continuity or cyber incident response plan. In contrast, a significant 73% of respondents reported strong visibility into risks, vulnerabilities, and compliance frameworks. Additionally, 78% stated they possess adequate internal resources to respond to cyber threats. However, this apparent confidence sharply contrasts with the lack of structured recovery planning, which leaves businesses vulnerable to prolonged disruptions.
“Organisations have invested heavily in monitoring and detection, but they are falling short when it comes to recovery, posing significant risk to operations. The priority now is not another dashboard but engineered resilience – from containment to stabilisation to rapid recovery,” said Mark Hile, Managing Director, Infrastructure Products, Datacom.
Furthermore, Hile emphasized that organizations must adopt well-rehearsed continuity plans, clearly defined decision-making processes, and measurable recovery timelines—not just detection capabilities.
“When an organisation can’t operate for days or weeks, the fallout is significant – customers lose access to essential services, supply chains stall, and trust in the brand erodes. Responding quickly enough to protect the people who rely on you is the part that needs far more attention,” Hile said.
Moreover, the survey highlights a critical misconception among business leaders regarding recovery timelines. Around 40% of respondents believe they can recover from a major cyber incident within a few days. However, real-world incidents often take much longer.
“The gap between how quickly leaders believe they can recover and how long recovery actually takes is not a technology problem; it’s a preparedness problem,” said Collin Penman, Chief Information Security Officer, Datacom.
Penman referenced a major example:
“An example of this is the 2025 ransomware attack at Jaguar Land Rover in the UK, which halted production for five weeks, with full recovery taking nearly five months. A plan that’s never been tested isn’t a plan – it’s a document. Resilience is built through realistic practice that creates muscle memory, so response becomes automatic, coordinated and fast,” Penman said.
The research also identified a similar pattern in Australia, where 77% of leaders expressed confidence in risk visibility, yet only 32% had continuity plans. This trend suggests that investments in monitoring and detection technologies continue to outpace recovery readiness across the Trans-Tasman region.
In addition, organizations still prioritize prevention strategies over recovery planning. Employee training emerged as the top cybersecurity focus in New Zealand, followed by data protection, threat detection, and governance. However, evolving threats—especially AI-driven phishing, deepfakes, and synthetic identity attacks—are accelerating attack timelines and increasing risks.
Finally, concerns around data sovereignty are growing, with over half of New Zealand organizations questioning where their data is stored and processed. At the same time, cybersecurity responsibilities remain concentrated within IT teams, contributing to rising burnout levels, reported by 43% of leaders.
Overall, the findings highlight an urgent need for organizations to shift focus from detection to resilience, ensuring faster recovery and stronger operational continuity in the face of evolving cyber threats.
Recommended Cyber Technology News:
- GitHub, Jira Emails Exploited for Stealth Phishing Attacks
- Oracle Enhances Aconex to Boost Project Visibility and Compliance
- MSBuild Abuse Enables Stealthy Fileless Windows Attacks
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
