- Posted September 22, 2023
- Media Releases
Well-defined cyber security strategies call for a structured investment approach
Today, the Government Communications Security Bureau’s National Cyber Security Centre (NCSC) has issued a new resource to help business leaders and cyber security professionals better understand and manage cyber security investments.
Lisa Fong, GCSB’s Deputy Director-General and responsible for the NCSC, says that a carefully structured approach to cyber security investment is required.
“It is becoming increasingly important to align your cyber security strategy with your wider organisational strategy and financial governance. One vital component of a well-defined cyber-security strategy is an investment plan,” says Ms Fong.
As organisations continue to expand their digital footprints, risks to their information assets and their ability to operate and maintain services increase.
Ms Fong says the goal of effective cyber security investment is for cyber resilience to become embedded into an organisation’s culture.
“Investment in cyber security is highly specific to each organisation’s requirements and can present complexity. Adopting a flexible cyber investment plan helps organisations to scale and adjust to a landscape that is constantly shifting.”
The guidance presents a cyclical, four-phase approach to cyber security investment - knowing your organisation’s threat landscape, defining a strategy, delivering results, and measuring success.
“The aim for this guidance is not to provide exhaustive instruction, but instead to give organisations a useful starting point and help to structure their thinking around cyber security investment,” Ms Fong says.
Cyber Security Investment: A Structured Approach is the fourth and final guidance release as part of a series developed by the NCSC based on analysis of 250 New Zealand organisations’ cyber security resilience. Previous releases focused on improving incident management(external link), cyber security governance(external link), and supply chain cyber security(external link).
This guidance is designed for both government and non-government organisations of varying sizes and capabilities.