Navigating Cyber Risks: Applying Lessons from the Auckland Flood to NZ Business

The recent devastating floods in Auckland not only exposed the vulnerabilities of our infrastructure in the face of climate change but also shed light on the urgent need for New Zealand businesses to take cyber risks seriously. Just as our cities were unprepared for the torrential rain and flooding, many organisations are ill-equipped to handle the escalating threats of cyber attacks. My objective is to draw parallels between the Auckland flood and cyber risks, emphasising the need for Boards to be accountable and proactive in addressing cyber risk management concerns. Questions that need to be discussed and addressed in the Board room table are highlighted in this blog.

1. Infrastructure unpreparedness: The Auckland flood highlighted how our cities infrastructure was ill-prepared for the increased intensity of rainfall, worsened by climate change. Similarly, many businesses lack the necessary infrastructure and measures to protect their digital assets from cyber threats. How can boards ensure that their organisations have robust cybersecurity infrastructure in place to mitigate potential risks?

1. The cost of underestimating risks: The massive financial toll of the Auckland flood serves as a warning for organisations that underestimate the consequences of cyber risks. Just as the flood resulted in significant damage and financial losses, a cyber attack can have far-reaching financial implications for businesses. How can boards assess the potential financial impact of cyber risks and ensure that adequate resources are allocated to address them?

1. Need for strategic funding models: Upgrading infrastructure to cope with the impacts of climate change requires strategic funding models. Similarly, addressing cyber risks necessitates adequate investment in cyber resilience measures. How can boards develop funding models that prioritise cyber risk and ensure sustainable investments in protecting their organisations?

1. Designing resilient cities and systems: The concept of "Sponge Cities" offers valuable insights for businesses. By creating space for water beyond traditional infrastructure, cities can reduce flooding risks. Similarly, organizations need to design resilient systems that can absorb and mitigate the impacts of cyber attacks. How can boards promote a "safe-to-fail" approach in cybersecurity, fostering a culture of resilience and adaptation?

1. Rethinking development in risky areas: The issue of building in risky areas arises in both climate change adaptation and cybersecurity. Just as developing in flood-prone regions poses risks, neglecting cybersecurity measures leaves organizations vulnerable to attacks. How can boards assess and mitigate the risks associated with their organization's digital footprint, including supply chain vulnerabilities and data privacy concerns?

The Auckland flood serves as a stark reminder that organisations no matter what size must not adopt a "can-do" attitude when it comes to cyber risks. Boards of directors need to be accountable and proactive, ensuring that their organisations are adequately prepared to face escalating cyber threats. By learning from the lessons of the flood, New Zealand businesses can strengthen their cybersecurity infrastructure, foster a culture of resilience, and effectively navigate the evolving cyber risk landscape. The culture of denial or heads in the sand will not work. It’s not “an IT issue” and its not going away. In fact, it’s expected to get much worse once malicious actors starting using AI to broaden out their horizons. With increased vigilance and strategic investments, Boards can protect their organisations, maintain stakeholder trust, and contribute to the success of New Zealand's business ecosystem. My 2 cents managing cyber risk and enabling cyber resilience is a strategic measure for organisations in their growth strategy and long-term success and needs to be more than just a tick in the box and discussed in the Boardroom table.