11 May 2026
For many New Zealand businesses, cybersecurity still feels like something that happens to other organisations until it directly impacts operations, finances, or reputation. We regularly work with businesses that only fully understand the risk after experiencing an incident, whether that is financial loss, system downtime, or exposure of sensitive data.
The reality is that cyber attacks are no longer rare or highly targeted events. They are frequent, automated, and increasingly focused on everyday business activity. One successful phishing email or compromised password can disrupt operations, impact customers, and create significant recovery costs.
At Manux Solutions, we work with New Zealand businesses every day to improve their cybersecurity posture. One of the most consistent risks we see is not a failure of technology but the way increasingly sophisticated attacks target people.
Cybersecurity threats are no longer limited to large enterprises or highly technical attacks. In New Zealand, businesses of all sizes are increasingly being targeted through their people, not just their systems. While technology plays a critical role in protecting organisations, one of the most effective and often overlooked defences is security awareness training for end users.
The Human Factor in Cyber Security
Many cyber incidents don’t begin with sophisticated hacking techniques. They start with a single click, reply, or reused password.
From what we see working with clients, phishing emails, fake login pages, scam phone calls, and social engineering tactics are becoming more convincing and more targeted. These attacks are designed to exploit human behaviour rather than technical vulnerabilities.
New Zealand’s National Cyber Security Centre (NCSC) and CERT NZ consistently report that phishing and credential harvesting remain among the most common cyber incidents affecting both individuals and organisations. These attacks rely on convincing someone that a message or request is legitimate, urgent, or familiar, and they only need to succeed once. (ncsc.govt.nz), (ncsc.govt.nz)
Credentials: A Major Risk for NZ Organisations
Recent reporting has highlighted the scale of credential compromise affecting New Zealand organisations. Investigations have identified millions of compromised usernames and passwords linked to NZ businesses and institutions, many of which remain active long after the original breach occurred. (rnz.co.nz), (dailysecur...review.com)
In our experience, credential reuse remains a common issue across businesses of all sizes. We regularly see cases where staff use the same passwords across multiple systems, increasing the impact of any single breach.
CERT NZ has also warned that attackers frequently use previously leaked credentials in automated attacks, a technique known as credential stuffing, to gain unauthorised access to systems where passwords have been reused. This means that a breach in one service can quickly become a gateway into business systems if users are unaware of the risks. (the420.in)
Phishing Remains the Primary Attack Vector
Phishing continues to be the most reported type of cyber incident in New Zealand. In recent quarters, CERT NZ reported that phishing and scam-related activity made up a significant proportion of all incidents, with financial losses running into the millions of dollars nationally. (ncsc.govt.nz), (consumerpr...on.govt.nz)
This is something we see consistently across the organisations we support. These attacks are becoming more convincing, often mimicking trusted organisations, suppliers, or even internal colleagues. Messages are designed to create urgency, pressure, or concern, encouraging quick action before a user has time to properly assess the situation.
Why Technical Controls Alone Aren’t Enough
Firewalls, email filtering, and security software are essential, but they are not foolproof. Threat actors adapt quickly, and many attacks are designed to work around technical controls by influencing human judgment instead.
From what we see with New Zealand businesses, even well-configured environments can be compromised if users are not equipped to recognise and respond to these threats.
Security awareness training helps bridge this gap by giving users practical knowledge:
- How to recognise suspicious emails, messages, and phone calls
- Why password reuse creates risk and how compromised credentials are used
- How social engineering techniques work and why they are effective
- When and how to report suspected incidents early
CERT NZ research into cybersecurity behaviours shows that awareness and understanding directly influence how people respond to threats, including whether they pause, verify, or report suspicious activity. (cert.govt.nz)
Reducing Risk Through Awareness and Culture
Effective security awareness training is not about blaming users. It is about giving them the knowledge and confidence to respond appropriately. When staff understand the role they play in protecting the organisation, they become part of the defence rather than a point of weakness.
NZ organisations that prioritise regular, practical training are better positioned to:
- Reduce the likelihood of successful phishing attacks
- Limit the impact of compromised credentials
- Detect incidents earlier through prompt reporting
- Build a stronger overall security culture
This is especially important for small and medium-sized businesses, which continue to feature heavily in New Zealand cyber incident reporting and often have fewer resources to recover from a serious breach. (sharp.net.nz)
Security Awareness Is an Ongoing Process
Threats continue to evolve, and one-off training sessions are no longer sufficient. Regular refreshers, real-world examples, and clear reporting processes help ensure security remains front of mind, especially during complicated or high-pressure situations when mistakes are more likely.
Security awareness training should be treated as a core business practice rather than a compliance checkbox. When combined with strong technical controls and clear policies, it plays an important role in reducing cyber risk and improving resilience.
Security Awareness Training with Manux
We help businesses take a practical approach to reducing human risk through targeted security awareness training.
Our Security Awareness Training equips employees to recognise phishing, social engineering, and other security threats, turning human risk into human defence.
We focus on real-world scenarios that New Zealand businesses are facing, so staff not only understand the risks but can recognise them in day-to-day situations and respond with confidence. This includes building awareness around the types of attacks we are actively seeing across NZ organisations, helping teams stay relevant and prepared rather than relying on generic or outdated examples.
By improving how your people identify and respond to threats, you reduce the likelihood of incidents, improve early detection, and strengthen your overall security posture.
If you want to build a more security-aware team and reduce your organisation’s risk, get in touch with Manux or learn more about our cybersecurity offerings.
Final Thoughts
In today’s threat landscape, cybersecurity is as much about people as it is about technology. New Zealand data continues to show that human-focused attacks are widespread, persistent, and costly, but they are also highly preventable with the right level of awareness.
Investing in security awareness training is one of the most practical and cost-effective steps an organisation can take to protect its data, systems, and reputation.
How Manux Solutions Can Help
We support New Zealand businesses across all areas of cybersecurity, from strengthening technical controls to improving user awareness and response.
We take a practical, real-world approach based on what we see working across organisations like yours, helping you reduce risk, improve resilience, and respond effectively to evolving threats.
If you want to understand your current risk better, strengthen your cybersecurity posture, or need support in protecting your business, get in touch with the Manux team.