Sign in
Quick links
Discover — Customer Stories, Ebooks, Video & Resources Our communities Our sustainability journey Datacom’s fifth annual cloud report State of AI Index: AI Attitudes in NZ

2026 Cybersecurity Index

The resiliency gap
Get your copy of the report
Download the report

Download the 2026 Cybersecurity Index

Datacom’s 2026 Cybersecurity Index provides valuable research insights into the cybersecurity market across New Zealand and Australia. The research findings draw on a commissioned Omdia survey of more than 700 business and security leaders across both regions to identify cybersecurity trends and attitudes.

Insights include:

  • The resiliency gap: visibility of threats versus readiness to recover

  • How AI is reshaping cyber-attacks, cyber defence and how to respond  

  • Why organisations need to rethink how they design security partnerships for resilience

Thank you

Thank you for downloading Datacom’s 2026 Cybersecurity Index. You will receive an email with your copy shortly. 

With an exponential increase in volume and velocity of cyber-attacks, how resilient are our organisations?

Datacom's 2026 Cybersecurity Index draws insights from a commissioned survey of more than 700 business and security leaders across New Zealand and Australia and analysis from our cybersecurity experts.

This year's results show a disconnect between the high levels of confidence in threat monitoring and detection, versus the reality of readiness to recover when attacks eventuate.

Three-quarters of New Zealand and Australian organisations say they have good visibility into cyber risk and the resources to deal with an attack. Yet only around a third have a tested business continuity or cyber incident response plan, and most leaders still expect to bounce back from a major incident in a matter of days – while real world examples show recovery often takes weeks or months.

The report also explores how AI is reshaping cyber‑attacks and defence, why traditional cybersecurity service partnerships need to change, and the cultural and sovereignty issues influencing cyber readiness – the full 2026 Cybersecurity Index is available to download now.

Top three cybersecurity threats: volume and velocity raising the stakes

AI-based attacks and phishing are once again at the forefront of concerns for organisations across New Zealand and Australia. AI-enabled attacks are not new threats, but are amplifying cybersecurity issues by acting as 'force multipliers'. Continued dominance of phishing and social engineering makes workforce education increasingly crucial and legacy applications continue to be a weak spot for many organisations.

 
Pinch and drag on the image above to interact %
Top 3 cybersecurity threats statistic
What organisations need from partners now is not another ‘Christmas tree of alerts’ but engineered resilience. Automation at the front door, with humans in the loop and a clear focus on mean time to resolution, not just mean time to detect, are the new priorities.
Profile photo of Mark Hile
Mark Hile
Managing Director of Infrastructure Products, Datacom

Visibility of threats versus readiness to recover

In 2026 and beyond, maturity will be defined by resilience, not just detection. The data tells us organisations can see the threat, but just over 30% will not survive it and that is the gap that Datacom's experts are advising organisations to close. "It requires a fundamental shift in how boards and business leaders make decisions in cybersecurity investment and in what organisations need from their cybersecurity partners. Detection is table stakes. Reporting is a must. Resilience is the differentiator," says Collin Penman, Chief Information Security Officer, Datacom.

 
Pinch and drag on the image above to interact %
The resiliency gap statistic

The resiliency gap

 
Pinch and drag on the image above to interact %
But only statistic
The gap between how quickly leaders believe they can recover and how long recovery actually takes is not a technology problem; it’s a preparedness problem. Detection reduces surprise, it doesn’t reduce disruption, and disruption is what costs you customers, revenue and trust.
Profile photo of Collin Penman
Collin Penman
Chief Information Security Officer, Datacom

Continuity countdown: How long does it take to recover?

Given less than a third of organisations – rising to 36% for enterprises – have a business continuity or cyber incident response plan in place, estimated recovery times of less than a week seem highly optimistic. Datacom CISO Collin Penman says what separates organisations that recover in days from those that take months is not their detection capability – it is whether they rehearse the moment when security becomes a business crisis.

 
Pinch and drag on the image above to interact %
Continuity countdown statistic
A plan that has never been tested is not a plan, it’s just a document. In operational‑readiness terms, muscle memory is the accumulated effect of repeated, realistic practice, so that response becomes automatic, not improvised; coordinated, not siloed; fast and not debated.
Profile photo of Collin Penman
Collin Penman
Chief Information Security Officer, Datacom

Methodology

Datacom commissioned Omdia to undertake research into the cybersecurity market in Australia and New Zealand. The research included a market survey of 714 security leaders – 506 in Australia and 208 in New Zealand. 

Dominos toppled over on top of each other

Discover more

  • Technology
Meet our CISO Collin Penman Datacom's Chief Information Security Officer on what's top of mind when it comes to cybersecurity and the one thing an organisation can do to improve its security posture right now.