How to report Cyber Security Incidents to New Zealand NCSC

National Cyber Security Center - New Zealand

Reporting cyber security incidents to NCSC

Reporting cyber security incidents helps the New Zealand NCSC (National Cyber Security Center) to develop a threat environment picture for government systems and Critical National Infrastructure (CNI) and assist other agencies who may also be at risk. Cyber security incident reports are also used for developing new policies, procedures, techniques and training measures to help prevent future incidents. The NCSC provides enhanced services to government agencies and critical infrastructure providers to assist them to defend against cyber-borne threats.

Reporting cyber security incidents to NCSC through the appropriate communication channels ensures that appropriate and timely assistance can be provided.

If you are a government organization or Critical National Infrastructure organization and you have encountered or suspect a cyber threat, please contact NCSC and/or download, complete and return an Incident Reporting Form from

Phone 04 498-7654
Email [email protected]

Recording cyber security incidents

The purpose of recording cyber security incidents in a register is to identify the nature and frequency so that mitigation actions can be taken.

  • The Responsible Entity should ensure that all cyber security incidents are recorded in a register.
  • The Responsible Entity should include, at the minimum, the following information in its register:
    • The date the cyber security incident was discovered
    • The date the cyber security incident occurred
    • A description of the cyber security incident and whether it was reported
    • The file reference.

The Responsible Entity should use their register as a reference for future security risk assessments.

Outsourcing and cyber security incidents

When a Responsible Entity outsources information technology services and functions, they are still responsible for the reporting of cyber security incidents. The Responsible Entity must ensure that the service provider informs it of all cyber security incidents to allow it to formally report to NCSC and /or where relevant, NZ Police.

Responsible Entities that outsource their information technology services and functions must ensure that the services provider consults with the Responsible Entity when a cyber security incident occurs.

Osprey Security Wins Award for Best Cybersecurity Company

Osprey Security awarded Best Cybersecurity Company

Best Cybersecurity Company AwardPALO ALTO, CA (February 14, 2017). Osprey Security, the Big Data driven cyber security and threat intelligence company, won the award as the Best Cybersecurity Company in this year’s Cybersecurity Excellence Awards. The annual Cybersecurity Excellence Awards are the most prestigious awards across the Cybersecurity industry that honor and recognize the world’s best products and organizations that demonstrate innovation, excellence and leadership in the Cybersecurity arena.

These awards provide a tremendous insight into the most successful companies within the American economy’s most dynamic segment— its Cybersecurity and Information Security domain. Winners were chosen via popular vote from the LinkedIn Information Security Community – a group comprised of nearly 350,000+ members.  Companies such as Blue Coat, Check Point, Rapid7, Sophos, Tripwire, Cylance, CyberArk, Darktrace, Lookout, Securonix, and many other well-known names gained national exposure as honorees of the Cybersecurity Excellence Awards.

“The Cybersecurity Excellence Awards is a true validation of the cybersecurity industry. This win is a true reflection of the immense contribution and commitment to excellence from our exceptional team, cutting-edge products, the executive leadership, and our distinguished board members. From just metrics perspective, we have demonstrated strength in building proprietary technology, network effects, economies of scale, and branding making us a leading startup in the United States within the Cybersecurity domain.”

“We view this recognition as a sign of our commitment to being the leading company in the Cybersecurity industry. Knowing that we received the most number of votes in the award history is a strong validation from the security community.” said Dr. Vivek Lall, CEO of General Atomics, and Chairman of the advisory board for Osprey Security.

“Congratulations to Osprey Security for being recognized as the winner in the Best Cybersecurity company category of the 2017 Cybersecurity Excellence Awards”, said Holger Schulze, founder of the Information Security Community on LinkedIn. “With a record 458 entries this year, the awards are highly competitive and our winners reflect the very best in innovation and excellence in the cybersecurity space.”

Since the beginning of 2016, Osprey Security experienced a vertical growth. What began as two guys about a year ago, is now an organization with a global team and offices in Palo Alto, California and in Singapore. Osprey Security is ready to grow in orders of magnitude in the coming year with the successes and foundation built on the efforts of its team, its customers, and the encouragement from the VCs, investors, and other well-wishers.

About Cybersecurity Excellence Awards

The Cybersecurity Excellence Awards honor companies and individuals that demonstrate excellence, innovation and leadership in information security. This independent awards program is produced in cooperation with the Information Security Community on LinkedIn, tapping into the experience of over 350,000+ cybersecurity professionals to recognize the world’s best cybersecurity products, individuals and organizations. For more information visit

About Osprey Security

Osprey Security is a disruptive Cyber Security company transforming the way organizations can manage their cyber threat landscape by providing actionable security and risk intelligence using its Patent Pending Technology and processes tailored to meet the organization’s risk appetite. Our products use empirical data driven methods to provide unmatched insight into emerging threats and help organizations address them before they can be exploited causing an incident. Our next generation machine learning based algorithms provide organizations with real-time threat intelligence, allowing them to proactively defend against cyber-attacks and help them counter with our evidence based security platform.

For more information, please visit www. or connect with us on Twitter (@osprey_security) and LinkedIn.

Media Contact:

Janet Smith

+1 (650) 542-9237

[email protected]

Cybersecurity Excellence Awards

Osprey Security Best Cybersecurity Company Award

Osprey Security has been nominated under the “Best Cybersecurity Company” category in the Cybersecurity Excellence Awards 2017. Osprey Security is truly on the cutting edge of technology and solving the cybersecurity challenges of its customers. We truly appreciate the nomination and the recognition offered.

Vote for us in the Best Cybersecurity Company category by giving the thumbs up. Hurry up, the deadline to continue to promote your favorite Cybersecurity company is January 15th 2017.

Vote for Osprey Security Now –


Fighting the Cyber Bully: A Company’s Legal Obligation

cybersecurity legal opinion

Data breaches have become increasingly more common within the last decade. Most of these intrusions have caused a great deal of consumer scrutiny and could potentially affect a company’s future business potential. These data breaches have affected some major corporate enterprises and it is important for them to consider their legal obligations from a Cybersecurity and data breach perspective. Take for example the below listed data breaches and compromises:

  • In 2007 TJ Maxx was subject to an intrusion where 94 million records were compromised;
  • In 2010, Sony Playstation Network suffered an intrusion where 77 million records were compromised;
  • In 2013, Target was subject to an intrusion where 70 million records were compromised; and
  • In 2014, JP Morgan Chase fell victim to an intrusion where 76 million records were compromised.

Unfortunately, although these corporations are obviously victims of serious crimes, these breaches have pushed the onus onto businesses to develop security measures to protect consumer information. Failing to develop potential safeguards can ultimately lead to great distrust amongst the public, or, in certain circumstances, even litigation.

After Target’s 2013 data breach, the company faced a class action for its failing to protect customer data and ultimately settled for $10 million. Such a suit leads to the question: how exactly does a corporate entity become responsible for the nefarious acts of a third-party?

Typically, if the state has not adopted legislation placing the affirmative duty upon the corporate entity to adopt security measures for the protection of consumer information (please note: Massachusetts, California, Connecticut, Rhode Island, Oregon, Maryland, and Nevada have all passed such legislation), a court will view the failure to provide sufficient protection of consumer information under a typical negligence standard. A court will, therefore, consider (more…)