

      For New Zealand organisations

      Cyber security in 2026 reflects New Zealand’s distinctive mix of scale, connectivity and regulatory expectation. As organisations accelerate digital transformation and increase reliance on cloud, data and AI‑enabled technologies, cyber risk is no longer confined to IT. It is a leadership issue that cuts across operations, trust and resilience.

      Local leaders are navigating global threat dynamics alongside domestic realities, including supply‑chain exposure, heightened regulatory scrutiny and the resilience of critical services. Those responding most effectively are treating cyber security as a strategic enabler — strengthening trust, supporting innovation and embedding resilience across the enterprise, rather than managing risk in isolation.

      Cyber security considerations 2026 outlines eight priorities for leaders as cyber security becomes central to enterprise resilience and growth. Drawing on insights from KPMG cyber leaders globally and senior technology executives, the report highlights the evolving role of the CISO — not only in managing risk, but in helping organisations turn cyber challenges into opportunities for stronger performance and confidence in a more uncertain environment.


      Cyber security is no longer just about managing risk — it is central to how organisations build trust, enable innovation and strengthen resilience. In New Zealand, those that take a strategic, enterprise-wide approach will be better placed to navigate uncertainty and unlock long-term value.
      Philip Whitmore


      Cyber security considerations 2026

      Building trust and enabling innovation in a dynamic world

      Explore eight key cyber security considerations for 2026

      For New Zealand organisations, these eight considerations highlight where cyber security leaders should focus as cyber risk increasingly shapes trust, resilience and long-term performance.

      • Preparing the cyber workforce for autonomous security

        As security becomes automated, agents are taking on more intelligence-driven tasks in the security operations center (SOC), as well as in compliance, risk management and identity management. Autonomous security is set to play a critical role in identifying and monitoring non-human identity activity.

      • Navigating geopolitics, building resilience and compliance

        Both digital defenses and physical assets are threatened by potential attacks from hostile nations. Organisations should assess potential risks and use AI, automation, and analytics to streamline controls, speed up evidence collection, and boost regulatory compliance.

      • Safeguarding AI systems

        As AI becomes deeply embedded in enterprise operations, its security is emerging as a critical priority. Safeguarding AI is no longer a technical challenge alone, but a strategic imperative that intersects with compliance, trust, and operational resilience.

      • Managing non-human identities

        In increasingly digitised and automated environments, non-human identities such as AI agents, service accounts, and machine credentials now outnumber human users. Organisations must rethink identity governance to include the full lifecycle of both human and machine actors.

      • Enabling trusted IT/OT hyperconnectivity

        Embedded sensors, IoT devices, and fully connected environments are becoming commonplace. Securing hyperconnected systems demands a dynamic mesh architecture, clarity of ownership, and monitoring across cyber-physical boundaries.

      • Transitioning to post-quantum cryptography

        The transition to post‑quantum cryptography (PQC) is increasingly anticipated on a global scale and is unlikely to be avoided. Around the world, nations are implementing guidance and regulations to migrate encryption in order to manage quantum cyber risk. This will be a major challenge and, for sectors like finance and defense, an existential one.

      • Protecting the supply chain through detection and response

        Today’s complex supply chains create a vast digital attack surface that includes AI and a myriad of IoT devices. Organisations should extend the scope of third-party risk management with continuous monitoring and oversight to maintain operational resilience.

      • Broadening the role and influence of the CISO

        The scope and responsibilities of the CISO continue to expand as security becomes more deeply integrated into business and operations, converging the cyber and physical domains. At the same time, CISOs must manage the opportunities and threats associated with widescale AI adoption.



      Get in touch

      Philip Whitmore

      Partner - KPMG Cyber

      KPMG in New Zealand

      Peter Bailey

      Director - KPMG Cyber

      KPMG in New Zealand

      Sinan Dalgic

      Director - KPMG Cyber

      KPMG in New Zealand

      Sebastiaan Pronk

      Associate Director

      KPMG in New Zealand