Securing Aotearoa’s Digital Future: TUANZ Calls For "Security By Design" And Stronger System Accountability

by · SCOOP

The Tech Users Association of New Zealand (TUANZ) is urging a shift to a more proactive and enforceable approach to cyber security, warning that current settings place too much responsibility on individuals and small businesses to manage increasingly complex digital risks.

As part of its 2026 policy programme, TUANZ today released its Trust and Safety position paper, alongside a discussion paper on social media age assurance. Together, they set out a clear direction: New Zealand must move beyond a "user beware" mindset and embed "security by design" across digital systems.

"New Zealand has made real progress in strengthening its cyber defences,” says Paul Littlefair, Chair of TUANZ. "Better coordination through the National Cyber Security Centre (NCSC) and initiatives like Malware Free Networks are delivering results. But the threat environment is evolving quickly, and our response needs to keep pace.”

Recent data highlights both progress and pressure:

  • Significant disruption of malicious cyber activity across national networks
  • Tens of millions of dollars in harm avoided to critical organisations
  • At the same time, escalating scam losses and declining confidence among small businesses

With New Zealanders losing an estimated $200 million annually to scams, TUANZ warns that the rapid advancement of generative AI is amplifying risks. Sophisticated, highly personalised attacks are becoming easier to execute, and harder for individuals to identify.

Advertisement - scroll to continue reading

This is creating a growing equity gap, particularly for small and medium-sized enterprises (SMEs), many of whom lack the capability and resources to keep up. A rising proportion of smaller organisations now report their cyber resilience as insufficient.

“Expecting individuals and small businesses to carry the burden of managing these risks is no longer tenable,” Littlefair says. “We need to design systems that are secure by default, not secure only for those with the time, expertise or resources to protect themselves.”

From individual responsibility to system accountability

TUANZ’s position is clear: improving digital trust requires a shift in where responsibility sits, from users to the systems and platforms they rely on.

To support this, TUANZ is calling for four priority actions:

  • Develop an Enforceable National Cyber Security Approach: Transition from voluntary guidelines to enforceable legislation, including mandatory reporting for major cyber-attacks and enhanced capabilities for agencies to investigate and prosecute global cybercriminals targeting New Zealanders.
  • Close the SME Gap with "Cyber Health Incentives": Bridge the equity gap by introducing tax rebates or direct grants for SMEs to adopt essential security "hygiene," such as multi-factor authentication (MFA) and secure cloud backups.
  • Mandate Platform and Provider Accountability: Enact regulation that requires telecommunications and social media platforms to proactively detect and block fraudulent activity and deepfakes, shifting the burden of identifying AI-generated scams away from the individual user.
  • Embed Cyber Safety as a Core Life Skill: Treat digital literacy with the same importance as reading and mathematics by mandating technology upskilling in the school curriculum, ensuring the next generation enters the workforce protected and prepared.

Supporting a balanced national conversation on online safety.

Alongside the Trust and Safety paper, TUANZ has released a discussion paper, Navigating the Social Media Age-Gating Debate, to help inform policy development in a fast-moving and highly contested area.

Rather than advocating a single solution, the paper sets out key principles to guide decision-making, including proportionality, practicality, privacy and equity. It also highlights the trade-offs inherent in age assurance approaches and the importance of grounding policy in evidence.

“This is a complex issue with no simple answers,” Littlefair says. “What matters is that we have a clear, informed national conversation - and that we don't default to solutions that shift responsibility back onto families without addressing system-level risks.”

Enabling growth through trust

TUANZ emphasises that strengthening trust and safety is not only a defensive priority, but a critical enabler of growth.

“Trust is fundamental to digital adoption,” says Littlefair. “If people don't feel safe online, they will not fully engage with new technologies, including AI. Getting this right supports innovation, productivity, and the long-term competitiveness of our digital economy.”

© Scoop Media

Advertisement - scroll to continue reading