Resources
Cyber insurance, plain-English.
Guides and analysis for New Zealand business buyers. Written by Stewart Hunt at First Commercial Insurance Brokers Ltd (FSP748591) — sourced citations, no bullet salads, no fabricated case studies.
Read the full NZ cyber insurance guide → · Compare NZ cyber insurers side by side →
All articles
Social Engineering and Business Email Compromise — Where NZ Cyber Wordings Pay (and Where They Don't)
CERT NZ flags BEC as among the highest-impact NZ incident categories — but standard NZ cyber wordings cover the loss itself narrowly and sub-limited. Walkthrough of typical coverage shape, common conditions, and how to close the gap.
FMA + RBNZ Cyber-Resilience — Obligations and Insurance for NZ Financial Firms
FMA-licensed FAPs, fund managers, RBNZ-supervised banks and insurers each face cyber-resilience expectations. Maps each obligation to specific cyber-insurance policy responses, with practical pre-renewal checklist. Primary-source-cited (FMA, RBNZ, OPC).
ICNZ — Reading the NZ Insurance Industry's Cyber-Risk Posture
How ICNZ's Fair Insurance Code, industry data, and Government submissions inform cyber-insurance buying decisions. Industry-cycle context, dispute-resolution paths, and practical takeaways. Primary-source-cited (ICNZ, CERT NZ, FSCL).
NCSC + NZISM — When NZ's Higher Cyber-Security Standard Matters for Insurance
The NZ Information Security Manual (NZISM) is the higher bar above CERT NZ's 10 Critical Controls. When NZISM compliance is required, how it differs, and what it means for cyber-insurance underwriting. Primary-source-cited (NZISM, NCSC, CERT NZ).
CERT NZ Quarterly Threat Report — What the Data Says About NZ Cyber Insurance
CERT NZ Quarterly Reports are NZ's most-cited cyber-incident source. Walkthrough of each category — phishing, ransomware, unauthorised access, BEC — and how each maps to what cyber insurance pays for. Primary-source-cited.
Privacy Commissioner Serious-Harm Threshold — When a Cyber Incident Triggers Mandatory Notification
Section 117 of the Privacy Act 2020 only requires notification of breaches likely to cause 'serious harm'. The Privacy Commissioner's guidance, common assessment mistakes, OPC's enforcement posture, and how cyber insurance pays for the legal advice. Primary-source-cited.
Privacy Act 2020 Cyber Breach Notification — What NZ Businesses Must Do, in Order
The Privacy Act 2020 notifiable-breach regime, in the order it actually happens after a cyber incident. Serious-harm threshold, 72-hour OPC notification, where cyber insurance fits each step. Primary-source-cited (OPC, CERT NZ, NZ Parliamentary Counsel).
CERT NZ Critical Controls — What Cyber Insurers Now Underwrite Against
CERT NZ's 10 Critical Controls have become the de facto NZ cyber-insurance underwriting standard. Walkthrough of each control, what insurers ask about on application, and how to evidence them. Primary-source-cited (CERT NZ, NCSC NZ).
Cyber Incident Response Playbook for NZ Businesses — First 72 Hours
Hour-by-hour incident response playbook for NZ SMEs. Maps each step to CERT NZ, NCSC NZ, OPC notification obligations, and where your cyber insurer fits. Primary-source-cited.
Data Breach Insurance NZ — What Cover Responds, and What the Privacy Act 2020 Requires
Plain-English guide to data breach insurance in New Zealand: what cover pays for, the Privacy Act 2020 notification flow, and what insurers expect.
Understanding Cyber Insurance Coverage — First-Party vs Third-Party
What cyber insurance actually covers in NZ. First-party vs third-party explained, how to read sublimits and exclusions in the wording.
How to Choose the Right Cyber Insurance Coverage for Your NZ Business
A practical decision framework for sizing limits, reading the comparison, and the trade-offs that matter when shopping cyber cover.
Cybersecurity Controls Insurers Actually Look For — A New Zealand SME Guide
The five baseline controls NZ cyber underwriters want to see, ranked by how much they move the needle on cover and premium.
Recent Cyber Attacks in NZ — What They Tell Insurers, and Buyers
Patterns from CERT NZ Quarterly Reports — what's shifting in the NZ threat landscape and how it changes the cyber insurance application.
Cyber Risk Management for NZ Business — Beyond the Insurance Policy
Cyber risk management as a board-level discipline using the ISO 31000 cycle: identify, assess, treat, monitor. Insurance is one tool, not the whole answer.
Ready to talk to a licensed adviser?
Three-question quote takes about 2 minutes. Free, no obligation. Stewart Hunt usually responds within one business day.