Opinion: Cyber security is no longer just an IT issue
Kylie Cornelius | Executive Officer | Marlborough Chamber of Commerce
Published in the Marlborough Weekend Express, July 11 2026
Conversations with our members often give me a good sense of what's front of mind for local businesses. While issues like staffing, rising costs and compliance are common themes, cyber security is one area that's becoming impossible to ignore.
We recently hosted a Cyber Security Workshop where Hazel from Cloudland did an excellent job of taking what can be a complex subject and making it relatable for everyday businesses. There was no technical jargon or scare tactics, just practical advice that business owners and managers could understand and put into practice.
The timing proved remarkably relevant.
Just days later, the cyber security agencies from New Zealand, Australia, the United States, the United Kingdom and Canada released a rare joint statement warning that artificial intelligence is fundamentally changing the cyber threat landscape. Their message was clear - cyber-attacks are becoming faster, more sophisticated and easier to carry out, meaning the time for businesses to strengthen their cyber security is measured in months, not years.
When Allan Willoughby from Bluehex shared the statement with me, one comment really stood out: "This is a clear signal for businesses to act."
He also pointed out that a joint statement from the Five Eyes nations carries a level of credibility that no individual IT provider can replicate. More importantly, it reinforces that cyber resilience is no longer simply an IT issue. It's a business issue and a leadership responsibility.
That message echoed what we heard during our workshop. Business owners don't need to become cyber security experts, but they do need to understand the risks and ask the right questions. Are our systems up to date? Are staff equipped to recognise phishing emails? Are we using multi-factor authentication? If something happened tomorrow, would we know how to respond?
The reassuring part is that the advice hasn't become more complicated. The fundamentals still matter. Layered protection, including strong passwords, multi-factor authentication, regular software updates, secure backups and ongoing staff awareness, remains one of the most effective ways to reduce risk.
Another important point came from another member, Wayne Wiffen, at ICIB. Many businesses have cyber insurance, but it's equally important to understand what your policy requires. As Wayne says, "Businesses should regularly review their cyber insurance policy to ensure they're meeting the insurer's security requirements. Having the cover is important, but maintaining those standards is just as important should you ever need to make a claim."
Cyber criminals aren't just targeting large organisations. Small and medium-sized businesses are increasingly in their sights because they're often seen as easier opportunities.
We all take sensible steps to protect our physical assets. We lock our premises, insure our vehicles and look after our equipment. Our digital assets deserve that same level of attention.
If our recent workshop prompted even a handful of local businesses to review their cyber security, have a conversation with their team or ask a few more questions of their IT provider, then it has already made a difference. In a world where technology is changing so quickly, taking a few practical steps today could save a great deal of disruption tomorrow.
