New Zealand Security Magazine: December 2025 - January 2026

NZ S M

Nick

Dynon

Chief Editor

Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security.

Prior to NZSM he clocked up over 20 years experience in various border security and military roles.

Contact Details:

Chief Editor, Nick Dynon

Phone: + 64 (0) 223 663 691

Email: nick@defsec.net.nz

Publisher, Craig Flint

Phone: + 64 (0)274 597 621

Email: craig@defsec.net.nz

Postal and delivery address:

27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand

Kia ora and welcome to the December 2025 – January 2026 issue of New Zealand Security Magazine! 2025 has come and (almost) gone in a flash, and we’re proud to be presenting to you the last edition of NZSM for the year!

Firstly, and – rightly – as always, a very big thanks to our wonderful advertisers. Our advertisers are businesses that are committed to our industry. Through their sponsorship of this magazine they play an important role in contributing to a vibrant and informed security sector.

In this issue of NZSM, we do a little scan of what some of the major technology providers are saying about security tech and threat predictions for 2026. We check in with Avigilon, Genetec, and Trend Micro, and we also gain some great insights from Riskonnect and Bitdefender.

On the associations front, we feature NZSA CEO Gary Morrison’s most recent newsletter and we highlight a recent NZSA update about a new training module designed to support security providers in helping their new staff to start their career in security

And there’s several security professionals highlighted in this edition for their outstanding acts, appointments, bravery, and performance. These include NZSA Saved a Life awardees Gregory Surrey, Vaneasa Conner, Dylan Francis, Ravijeet Singh, Oselise Muliava, and Roshan Mohammed from Armourguard Security, new appointees to FIRST Security Natasha Fraser and Chris Bartlett, and Red Badge rising star Ellie Webb and bravery certificate awardee Johnny Mapusua

At the intersection of physical and cybersecurity, we explore recent developments in the world of ‘converged security’, and, in particular, note the emergence of the Converged Security Institute, an organisation that is putting decades of converged security talk and theory into practice with a range of standards and certifications.

Also in this edition of NZSM, Netsafe says New Zealand is facing a new era of digital harm as AI-generated abuse, scams and harassment hit record levels, exposing serious gaps in the decade-old Harmful Digital Communications Act

If you haven’t already, consider subscribing to our regular eNewsletter THE BRIEF. It’s a great way to keep up to date with the latest. If you’re not already an NZSM subscriber, make sure you visit www.defsec.net.nz to sign up!

Lastly, from the team here at NZSM, all the very best for the festive season! If you’re working over this time, thank you, and if you’re taking a well-deserved break, keep safe.

Nicholas Dynon, Auckland

Disclaimer:

The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use.

Copyright: No article or part thereof may be reproduced without prior consent of the publisher.

Upcoming Issue

February / March 2026

Banking, Insurance and Finance, Loss Prevention, Industry Training

Media

linkedin.com/company/ defsec-media-limited

Unsung Heroes: Recent recipients of the NZSA Saved a Life Medal

The Saved a Life Medal programme recognises those who demonstrate the very best in security professionalism by taking actions that contribute to the saving of a life.

The New Zealand Security Association (NZSA) Saved a Life Medal programme provides a way in which the community can recognise our industry’s security personnel who face the daily potential of making critical decisions or taking action to save a life or property.

Nominations for the award may be submitted by employers, customers, work colleagues, emergency service providers and members of the public who can verify that the actions of a Security Officer, or a security team, directly contributed to the saving of a life.

All nominations are assessed by the NZSA executive, and recipients of the medal are profiled in the bi-monthly NZSA newsletter and on the NZSA social media platforms. They also receive an inscribed award which they will retain.

According to the award’s criteria, the actions of the security worker should fall within one of the following situations:

1. Assisting or removing a person, or persons, from life threatening situations.

2. Providing care to a person, or persons, that has resulting in their surviving life-threatening injuries.

3. Preventing a person, or persons, from causing life threatening harm to others.

4. Preventing a person, or persons from causing life threatening harm to themselves.

5. Identifying and removing risks that if unmitigated, could have caused life threatening harm to others.

Nominations must be received within four months of the incident and be supported by evidence such as media reporting, letters of acknowledgement or witness statements.

Saved a Life medal –Gregory Surrey

On the evening of Monday, 8th September 2025, Gregory Surrey responded with exceptional professionalism and compassion to a medical emergency at the concourse around 2255 hours. A 16-year-old female was found collapsed, and Gregory quickly identified the severity of the situation.

Greg was told by the person that she was diabetic. While on the phone with emergency services, he took her vitals on their request and then put her into recovery position when she commenced vomiting. He also tried to give her glucose and then sugar water.

When paramedics arrived, they conducted a blood glucose test and found that her levels were indeed dangerously low. Gregory’s calm and decisive actions were instrumental in providing immediate care, preventing what could have become a lifethreatening incident. His dedication to the safety and wellbeing of those around him exemplifies outstanding security service and community care.

Saved a Life (Highly Commended) –Vaneasa Conner

Vaneasa Conner was nominated for her outstanding response during a critical incident at Plimmerton Station on 22 September 2025. A distressed 16-yearold girl activated the Emergency Call Point, expressing suicidal thoughts and entering the rail corridor multiple times.

Vaneasa took over the call, calmly engaging the girl with empathy and care. She reassured her, saying “I care,” which helped build trust. Vaneasa contacted police and kept

the girl talking, gently shifting the conversation to her dreams and future. When the girl revealed she wanted to be a police officer, Vaneasa encouraged her, helping her feel seen and valued.

Even when police arrived, the girl insisted on speaking with “that lady” again. Vaneasa’s compassion and communication were instrumental in de-escalating the situation and ensuring the girl accepted help. Her actions exemplify the highest standards of our profession.

Saved a Life Medal – Dylan Francis

On 27 July 2025 at Waterloo Station, Security Officer Dylan Francis was approached by a distressed individual whose friend had collapsed. Dylan immediately called 111 and relayed critical information, including the patient’s condition, breathing and chest movement, and later the presence of saliva and blood. While doing so, he calmed the panicked friend and maintained control of the situation. During the incident, a bystander attempted to jump onto the train tracks to reach the patient. Dylan intervened and directed them safely via the subway, preventing a potential secondary emergency. That individual then assisted by placing the patient in the recovery position.

Though off duty and simply waiting for his train, Dylan’s professionalism, composure, and decisive actions ensured paramedics received timely and accurate updates before arriving on site. His leadership and quick thinking directly contributed to the patient’s survival and demonstrated the highest standards of security service.

Saved a Life Medal –Ravijeet Singh

At 01:10am on 28 October 2025, Ravijeet discovered an unconscious young girl lying alone on the walkway to AUT from platform B. She was barely breathing. Without hesitation, he called for an ambulance at 0112am and remained by her side, monitoring her condition until paramedics and police arrived at 0121am.

The girl, later identified as 8 years old, was nonverbal and deaf, communicating through sign language. She had a medical history and was carrying a nasal irrigation device in her backpack. She was hesitant to go with the paramedics, but after receiving an injection and feeling nauseous, she was carried to the ambulance.

Thanks to Ravijeet’s swift response, the girl regained consciousness around 0140hrs and was safely transported for further care. His calm under pressure, compassion, and coordination with

emergency services were instrumental in saving her life.

Saved a Life Medal –Oselise Muliava & Roshan Mohammed

On Monday 28th July 2025, a violent brawl involving two groups of youngsters erupted at Manukau Bus Station around 2000hrs. The confrontation quickly escalated, with three knives being brandished and used, placing the lives of bystanders and participants at immediate risk.

Security Officers Oselise Muliava and Roshan Mohammed acted swiftly and professionally to stop the violence and save a critically injured young male’s life. The officers demonstrated exceptional courage and professionalism. Their calm, decisive intervention under extreme pressure, along with effective first aid and coordination with emergency services, was crucial in preventing further harm.

The day after the incident, the youngster’s parents visited the bus station to express their heartfelt gratitude to the officers for their heroic efforts. Additionally, the young man himself made a video call from the hospital to thank the officers directly, underscoring the profound impact of their life-saving actions.

Converged Security gets an Institute. Who knew?

Writing about ‘converged security’, or ‘security convergence’, has tended to be an exercise in frustration over many years, writes Nicholas Dynon, but the emergence of a new entity has – all of a sudden – made things interesting.

Nicholas Dynon is chief editor of NZSM, and a widely published commentator on New Zealand’s defence, national security and private security sectors.

We’ve been talking about ‘converged security’ for the better part of two decades.

In 2005, ASIS International, ISACA, and ISSA together co-founded the Alliance for Enterprise Security Risk Management (AESRM), which commissioned two Booz Allen Hamilton research reports: Convergence of Enterprise Security Organizations (2005) and Convergence of Enterprise Security Organizations: International Views (2006).

At that time, while the idea of security convergence largely centred around the convergence of physical security and information (cyber) security in the context of technological developments, the definition has undergone various iterations. In addition to the original physical-digital dichotomy, subsequent definitions have included additional domains, such as business continuity, health and safety, and many others.

There’s also been shifts in focus on the dynamics of convergence, with some descriptions focusing on converging risks faced by organisations, and others focusing on converging security functions within organisations or converged security solutions

While the AESRM appears to have become defunct at some stage, ASIS International has continued its drive to position itself at the forefront of converged security research.

In 2019, the ASIS Foundation published The State of Security Convergence in the United States,

Europe, and India , which combined a survey of 8,000 senior level professionals and insights from respected security industry leaders to present a snapshot of the state of security convergence within organisations.

That study found that just 24% of respondents had converged their physical and cybersecurity functions despite “years of predictions about the inevitability of security convergence”.

In 2024, the US Security Industry Association (SIA) published Security Convergence 2024 , a review of organisational drivers and approaches for converging cybersecurity, physical security and risk management, noted that convergence had been a buzzword for decades but had “sometimes been slow to produce results and may look different now than we originally envisioned.”

“Analysis of how convergence was promoted and applied in the past reveals that despite the topic being novel, concepts that were presented fell short on value, were too challenging to execute or both,” states the report.

Having written about and worked within the converged security space for many years, it certainly appears to me that the ‘converged security’ buzzword has tended to fall short in all but the most innovative of missioncritical settings where a small cohort of organisations are operating blended cyber-physical teams or converged security operations centres.

For the rest of us, the idea of converged security has remained, well, just an idea.

That was the case, I thought, until I recently stumbled across the work of the so-called Converged Security Institute (CSI).

In September, the CSI published ST-CSF.001 Converged Security Framework, a standard, it says, “that provides best practices for implementing unified risk management through converged security frameworks,” including defining “the requirements for integrating cybersecurity, physical security, and operational technology security into a cohesive organisational approach that addresses hybrid, systemic, and cascading risks.”

By its scope and detail, it’s the first substantial attempt I’ve read to create a meaningful standard for security professionals around implementing converged security. And it’s not the only document of its type that this entity has published recently.

Just last month, the Institute released ST-CSF.RMA.001 Converged Security Risk Management and Assessment Standard: Comprehensive Strategic Excellence Framework

This standard establishes converged security risk management protocols, strategic assessment methodologies, and unified governance frameworks

that organisations “must implement to achieve measurable operational superiority and competitive advantage across all security domains.”

It shall provide specific requirements for implementing unified risk assessment, comprehensive threat analysis, and integrated compliance management within the abovementioned ST-CSF.001 Converged Security Framework

Offering professional education and certification in converged security systems and cyber-physical infrastructure, the Institute is led by Dr. Vladimir Bunic who, states its website, is “a leading authority in cybersecurity and digital resilience, with over two decades of experience designing and implementing integrated cyber–physical security solutions.”

“While others are still preaching slides and holding “high-level” discussions without truly engaging with the substance of converged security, the Converged Security Institute is doing the work,” stated Dr Bunis in a recent LinkedIn post.

“We don’t stop at theory. CSI delivers strategic standards for unified risk management and organisational resilience, operationalised across 22 critical domains,” he continued. “These

domains are not abstract - they are mandatory, measurable, and aligned with real-world threats: hybrid, systemic, and cascading risks.”

In addition to a range of professional certifications for individuals, the CSI has launched the CSI Trustmark Program, which is a certification that validates an organisation’s commitment to industry-leading security practices and standards.

“This is not about slides,” stated Dr Bunic. “This is about clarity, capability, and standards that transform organisations and products alike.”

The Institute appears to already have delivered training and certification to a range of customers, including reputable organisations in the global security industry.

While I am yet to road test and analyse the offerings within the CSI catalogue, its entry onto the converged security stage is long-awaited. At the very least it will have turned out to have been a worthwhile contributor to the production of converged security knowledge, and at best it may well turn out to be the catalyst for a new and important chapter in the so far underwhelming story of converged security.

Avigilon: Key access control trends for 2026

According to the 2026 trends report by Motorola Solutions / Avigilon, pairing innovative tech with surveillance systems and advanced AI analytics will make it easier to monitor and manage access while analysing patterns and trends.

The recently released report lists eight top trends for access control in the coming year, including:

1. Touchless entry and access technology

Touchless access is becoming increasingly popular for achieving safety and convenience in high traffic public and commercial spaces. Touchless entry to eliminate the need for physical contact or credentials at the door.

According to the report, touchless technologies will continue to see increased adoption throughout 2026, benefitting operations via improved physical signal configuration and motion sensing technology, enhanced mobile experiences, and biometric technologies.

2. Remote management and security

Remote security and remote access management first gained traction in enabling building owners to secure their premises even while unoccupied. This gave businesses the ability to keep their buildings open while supporting hybrid working environments.

“Remote security’s primary benefit is that it allows organisations to maintain flexibility regardless of where their teams are located,” states the report. “With anywhere access, teams no longer have to worry about time wasted during critical security events. User permissions and door schedules can be adjusted at any time, with those changes taking effect instantly.”

3. Unified security systems

By merging multiple systems’ capabilities, a wider range of technologies can be optimised to enhance overall user experience while supporting building managers and owners to achieve energy-efficiency, productivity and sustainability goals.

The move toward unification is also driving access control hardware consolidation. “Instead of separate readers, cameras and intercoms, the market is shifting toward all-in-one devices,” states the report.

“Modern access control readers often include built-in high-definition cameras, video intercom technology and two-way audio, streamlining installation and providing richer data for the unified platform.”

4. AI-powered automation

Artificial intelligence (AI) will reduce the need of having individuals monitor security system feeds 24/7. While AI-enabled security cameras may not

necessarily replace human verification, they can be invaluable in helping security teams know where to focus their efforts and when to act.

Data ingested from integrated systems can be analysed and provide key insights into an organisation’s operations, helping teams more quickly identify anomalies and triggering specific workflows or processes.

“One example of this access control technology trend is using rules to trigger lockdowns, alarms or alerts following a specified access control event,” states the report.

“This type of automation can be crucial in minimizing damages in an emergency. Still, it is also just as effective in helping teams more effectively triage daily incidents, such as lockouts or doors left ajar.”

5. Cybersecurity and data privacy

Organisations are increasingly aware that a breach in their access control network is just as dangerous, if not

more so, than a physical security breach. A hacker who gains remote access could unlock every sensitive door in a facility simultaneously.

“This focus demands a multilayered defence,” states the report. “Key measures include robust end-to-end encryption for all data, whether it’s stored (at rest) or being sent over the network (in transit).

“It also means implementing secure credential provisioning, especially for mobile, to prevent cloning. Proactive strategies like regular vulnerability testing and penetration audits are becoming standard.”

Additionally, organisations must ensure that their vendors strictly comply with data privacy regulations.

“Protecting access credentials from theft has evolved from an IT problem into a core pillar of workplace security.”

6. Multi-factor authentication

Multi-factor authentication (MFA) is becoming increasingly popular due to its increased security and reliability. MFA in physical access control requires multiple types of authentication prior to granting access, making it more difficult for unauthorised users to gain unauthorised access to buildings or networks.

MFA requires individuals to present multiple credentials at each entry point. In mobile applications, users may need to use Face or passcode to unlock their phone and an app to request an unlock.

Many access control systems also add PIN codes or key cards to mobile authentication in a multi-layered approach to securing high-risk areas.

7. Cloud-based systems

According to the report, cloud-based security and access control solutions are scalable since they allow organisations to control multiple sites from a central location.

They enable teams to respond to security breaches faster and more accurately and to observe and process data across multiple sites and locations in one place, making multi-site access management more efficient.

“While cloud-native access control offers compelling advantages, it’s not a universal solution,” states the report.

“Industries with strict security regulations or those with significant investments in existing infrastructure may find it impractical. Instead, the future of access control likely lies in hybrid cloud systems. This approach allows businesses to leverage the benefits of cloud storage, real-time

alerts and remote monitoring, while retaining their on-premise servers.”

8. Data-driven insights for workplace optimisation

By analysing detailed occupancy patterns over time, organisations can gain a clear, objective picture of how their buildings are being used, enabling them to optimise their real estate footprint based on evidence.

“For example, the data might reveal that a specific floor is consistently underutilised, prompting a consolidation rather than an expensive lease renewal,” states the report.

“Companies can also more effectively manage energy consumption by integrating access data with building management systems, automatically dimming lights or adjusting HVAC in empty sections.”

Such data provides authoritative insights into which spaces are most used, when peak usage times are and how different departments interact with the workplace. “Equipped with this information, leaders can make smarter decisions about resource allocation and future workplace design, transforming the physical security system into a strategic asset for driving operational efficiency.”

Public Safety Network access for more emergency responders

New Zealand’s emergency responder capability to be strengthened by new entity and expansion of the mandate of Next Generation Critical Communications.

Emergency Management and Recovery

Minster Mark Mitchell has announced the widening of access to the Public Safety Network to more emergency responders with the PSN’s Cellular Services available on a user-pays basis to eligible organisations from mid-2026.

“Around 25,000 frontline responders already use the Public Safety Network cellular services, improving coverage and reliability during emergencies. Cabinet has now given Next Generation Critical Communications (NGCC) the mandate to expand these services to the wider emergency management sector,” said

NGCC is a government entity exclusively focussed on critical communications for public safety. It is responsible for delivering the new Public Safety Network solutions and cellular Location Information Services, and its mission is to modernise the communications capability of emergency services.

New Zealand’s Emergency Services are made up of approximately 35,000 staff and volunteers who attend over five million calls for help every year.

“Our first responders and those who work in public safety, are simply outstanding. They go willingly into situations and places that most New Zealanders do not have to go. This change will support them in operational situations, and enable them to keep themselves and the public safe.”

Since 2020 NGCC been working on behalf of Police, Fire and Emergency New Zealand, Hato Hone St John, and Wellington Free Ambulance to deliver the $1.4b Public Safety Network.

NGCC will now support a larger eligible customer group of central and local government entities, not-for-profit organisations and infrastructure and lifelines companies.

“With top-tier emergency communications in place, New Zealand will be better prepared to respond to the variety of disasters we have seen over the past few years, such as Cyclones Gabrielle or Tam”.

The new limited liability company will be listed in Schedule 4A of the Public Finance Act 1989. Shareholding

Ministers of the new company will be the Minister for Emergency Management and Recovery and the Minister of Finance.

The Public Safety Network (PSN) consists of a digital Land Mobile Radio network under construction, live Cellular Roaming, Priority and Network Visibility Services, and the ongoing provision of personal alerting. It commenced following Cabinet approval in 2022 of an investment of $1.4 billion to be spent over 10 years.

The ability of emergency services to communicate effectively and securely with their staff is fundamental to the safety of over 35,000 frontline responders and the communities through New Zealand that they serve.

Security personnel falling foul of the PSPLA

The nation’s private security licence issuer continues its important work responding to complaints made against licence and CoA holders, with several personnel sanctioned in recent months for breaching licensing laws.

The Private Security Personnel Licensing Authority (PSPLA) continues its important work in considering complaints against security operators, posting 135 of its decisions on its website so far this year.

Reasons for complaints can include a security operator not having a licence or CoA for the class of work they’re doing, not wearing a visible identification badge while working, not giving the name and address of their employer, not completing training, breaking a condition of their licence or certificate, and misconduct or gross negligence.

Additionally, there are reasons covered under section 62 or section 63 of the Private Security Personnel and Private Investigators Act 2010 (PSPPI Act), which include things like criminal convictions, driving disqualifications and licences that have been cancelled or suspended in the past.

The grounds for making an objection include the applicant’s character, circumstances or background, as well as the things covered under the abovementioned section 62 and section 63 of the PSPPI Act.

The following is a selection of recent PSPLA decisions (acronyms rather than full names are used in this article although most cases are not subject to name suppression).

[2025] NZPSPLA 132 –

25 November 2025

JC has previous convictions for wounding with intent to cause grievous bodily harm, assaulting police, and resisting police. He had gotten into

a fight with another patron outside a local bar and assaulted a person who tried to stop the fight, fracturing several bones in the victim’s face. He then assaulted police who attended the scene, and resisted arrest.

According to the Authority, these convictions are grounds for disqualification under section 62 of the PSPPI Act and are therefore a mandatory ground for cancelling his Certificate of Approval – unless the grounds are waived.

JC did not attend the hearing and did not apply for waiver of the grounds for disqualification.

The Authority noted that although JC’s offending did not occur while he was working in security, it happened in a location where he could work as a security guard if he was allowed to keep his Certificate of Approval.

“Security guards are required to deescalate volatile situations, not create them,” noted the Authority. “In addition, they must work cooperatively with Police, and not assault them or resist arrest.”

The Authority found that JC is no longer suitable to be a responsible security guard, making orders that his Certificate of Approval be cancelled immediately and his Security ID be returned ID to the PSPLA within seven days of receipt of the order.

[2025] NZPSPLA 129 –13 November 2025

According to police, although LL declared in his application for a certificate that he had no overseas convictions, it turns out he had several convictions for violent offending in

Australia that resulted in him serving prison time.

LL notched up 11 Australian convictions for violent offending between 2015 and 2019. In 2019 he was sentenced to imprisonment after being convicted of destroying property, assault, contravening a protection order and stalking and intimidating. He was deported back to New Zealand in 2020.

Having served a prison sentence disqualifies LL from holding a certificate of approval under section 62(c) of the Act.

In addition, LL was recently charged with assault after allegedly assaulting someone outside an Auckland nightclub where he was working as a crowd controller. “Such behaviour fits within the definition of misconduct,” stated the Authority, “and if [he] is convicted of assault, it will be further grounds for disqualification.”

According to the Authority, LL was only granted his security certificate because he wrongly declared in his application he had no overseas convictions. The Authority noted that Australian convictions and prison sentences do not come up in the internal criminal history check undertaken at the time one applies for a Certificate of Approval.

“[LL] has a history of violent offending in Australia and has recently been involved in a violent confrontation while working as a security guard in New Zealand. In addition, he made a false declaration in his application for a certificate of approval,” stated the Authority.

“In the absence of any evidence to the contrary, I am satisfied that [LL] is no longer suitable to be a responsible security guard.”

The Authority ordered that ordered that LL’s Certificate of Approval be cancelled with immediate effect and that he return his security ID to the PSPLA within seven days of receiving the decision.

[2025] NZPSPLA 125 –07 November 2025

On 8 September 2025, JT was working as a property guard at an empty building in central Auckland where

copper wiring and pipes had been left on the floor. JT took two coils of wire and a copper pipe and sold them through a scrap metal dealer.

Upon questioning by police, JT made a full admission. Rather than being charged, JT was referred to Te Pae Oranga for theft by a person in a special relationship. He subsequently completed the Te Pae Oranga programme, which included community work and donating to charity.

“[JT] accepts the seriousness of what he did and extended a heartfelt apology for those he had harmed,” stated the Authority. “He says he wishes he could take it all back and that he will never do anything so wrong or foolish again. He says other than this one incident he has been a hardworking and reliable security guard.”

Nevertheless, JT said that his conduct was out of character and he has already paid a high price for what he did. He wished to be able to continue working in security.

Police say that JT is no longer suitable to be a security worker because he took and sold goods from a property where he was working as a security guard. Police say this amounts to misconduct and are asking for JT’s

certificate of approval to be cancelled.

According to the Authority, misconduct is a discretionary ground for cancelling a Certificate of Approval, and that there are alternative orders that could be made, including suspending the certificate, ordering the certificate holder to undertake further training, imposing conditions on the certificate, reprimanding the holder, or imposing a fine of up to $2,000.

“[JT]’s misconduct was serious and would have resulted in a disqualifying conviction if he had not been offered alternative resolution,” stated the Authority. “However, his Te Pae Oranga programme did include things in the nature of a penalty and [JT] lost his job because of his misconduct.

“[JT] has learnt his lesson, and his misconduct is unlikely to be repeated. I therefore consider the appropriate outcome is a reprimand, a fine and to impose a condition on [JT]’s COA. [JT] is also warned that this is his final chance.”

JT was fined $200 payable within one month, and a condition was placed on his COA to the effect that for 18 months from the date of this decision he must advise any new or prospective employer of his offending by providing them with a copy of the decision.

[2025] NZPSPLA 120 –

30 October

Several months ago, AC was charged with two offences of assault with intent to injure following an incident that occurred while he was working as a security guard. In September, he was discharged without conviction after pleading guilty.

Police have proceeded with their complaint as they allege Mr Cherrington is guilty of misconduct and is no longer suitable to work as a security guard.

According to the Authority, AC originally had become involved in the situation to defend other security guards, but instead of de-escalating things he made a “particularly volatile situation worse”.

“When one of the victims tried to remove himself from the scene [AC] followed him and punched him multiple times. He subsequently started punching a second person around the head and torso until other security guards grabbed him to make him stop.

The Authority found AC guilty of misconduct, which is a discretionary ground for cancelling his certificate of approval.

“Crowd controllers are required to keep order and protect patrons,” stated the Authority. “They should not be getting into physical fights and assaulting drunk patrons or inflaming

already volatile situations. The Police evidence is that Mr Cherrington’s actions went well beyond what was required in the defence of himself or others.”

The Authority ordered that AC’s Certificate of Approval be cancelled with immediate effect and that he is return his security ID to the PSPLA within seven days of receiving the order.

[2025] NZPSPLA 122 –03 November 2025

Late last year, ME was charged with shoplifting, assault and behaving threateningly and was subsequently convicted on all three charges in October. He was also convicted of assault on a child and assault with intent to injure after further offending which occurred while he was on bail.

Police advised that Mr Enoka is also recorded as having been involved in 10 family harm incidents. It is likely that alcohol has been a factor in some of these incidents, noted the Authority, “as the shoplifting and threatening language charges were laid after Mr Enoka stole bottles of alcohol from a liquor store and threatened to hit the shop worker with one of the bottles.”

According to the Authority, ME’s convictions are grounds for disqualification under sections 62(f) (vi) & (vii) of the PSPPI Act, as well

as being a mandatory ground for cancelling his Certificate of Approval in the absence of grounds for a waiver.

The Authority ordered that ME’s Certificate of Approval be cancelled with immediate effect and that he return his security ID to the Authority within seven days of receipt of the decision.

[2025] NZPSPLA 119 –24 October 2025

HK was convicted on firearms and drug charges on 29 September. Police say that in December 2024 they executed a search warrant against HK and found a loaded rifle and 119 rounds of ammunition along with 36 bags of ketamine and a substantial amount of cash. They commented that HK does not have a firearm’s licence.

Police further advised that HK has recently been charged with further potentially disqualifying drug, firearm and violent offences.

The Authority noted that HK’s convictions are grounds for disqualification under section 62(f)(i) & (v) of the PSPPI Act, as well as being a mandatory ground for cancelling his Certificate of Approval in the absence of grounds for a waiver.

The Authority further noted that HK’s former security employer advised that he supports the cancelation of HK’s COA as he considers it would

bring the industry into disrepute if he were allowed to continue working in security.

Finding that HK is no longer suitable to be a responsible security employee, the Authority ordered that his Certificate of Approval be cancelled with immediate effect and that he return his security ID to the Authority within seven days of receipt of the decision.

[2025] NZPSPLA 115 –16 October 2025

Police identified WB working as a security guard whilst failing to wear his identification badge. They also considered him deliberately obstructive in their interactions with him when questioned about his badge.

In response to the complaint, WB apologised, saying that he made a mistake in not having his badge on him. He agrees he did respond rudely to Police who he says, were rude to him. He filed a letter from his employer who confirms they have had discussions with him regarding the event and how to ensure such a situation will not recur.

The Authority found WB guilty of unsatisfactory conduct with respect to his engagement with Police. Although a discretionary ground for the cancellation of a COA, the Authority ultimately decided not to cancel, formally reprimanding WB.

[2025] NZPSPLA 112 –

09 October 2025

Police state that LI has been convicted on five drink driving charges, including three since he was first granted a Certificate of Approval, and that he is therefore no longer suitable to be a responsible security worker.

In September, LI was convicted on his fifth charge of driving with excess breath or blood alcohol and disqualified from driving indefinitely under section 65 of the Land Transport Act. He had also disqualified from driving indefinitely in 2022 after his fourth conviction for driving with excess blood or breath alcohol.

According to the Authority, these sentences are grounds for disqualification under section 62(e) of the PSPPI Act, and that they are therefore a mandatory ground for cancelling LI’s Certificate of Approval unless the grounds for disqualification are waived.

“[LI]’s fifth drink driving offence was only six months ago and in addition to being disqualified from driving, he was sentenced to community detention which he is still serving,” stated the Authority. “I do not consider someone who is serving a sentence of community detention is suitable to be working as a security guard.”

Finding that he is no longer suitable to be a responsible security employee, the Authority ordered that LI’s Certificate of approval be cancelled

with immediate effect and that he return his security ID to the PSPLA within 7 days of receiving the decision.

[2025] NZPSPLA 110 –06 October 2025

In April 2025 Police made a complaint against KS as he was facing four charges of money laundering and there was a warrant out for his arrest after he failed to appear in Court. At that time, the Authority acted to suspend his Certificate of Approval and put the complaint on hold pending the outcome of the charges.

Police further advised that KS left New Zealand in January 2025 and has not returned. “While [KS] has not been convicted, he has left the country and is avoiding facing up to charges he faces,” stated the Authority.

The Authority contacted KS by email giving him the opportunity to respond to the Police complaint and advising that unless he requested a hearing the Police complaint would be dealt with on the papers. He did not respond.

“A conviction on any of the charges [KS] faces will be grounds for disqualification under s 62 of the Act and therefore a mandatory ground for the cancellation of his COA,” stated the Authority.

The Authority found that KS is no longer suitable to work as a security guard and decided to cancel his CoA with immediate effect.

AI fake nudes, sextortion and scams surge to record highs

Netsafe says New Zealand is facing a new era of digital harm as AI-generated abuse, scams and harassment hit record levels, exposing serious gaps in the decade-old Harmful Digital Communications Act.

Releasing its Annual Review for July 2024–June 2025, Netsafe confirms it received 26,105 reports of digital harm, including 6,404 complaints under the Harmful Digital Communications Act (HDCA); the highest number since the Act came into force in 2016.

That year, just 600 people sought Netsafe’s help under the HDCA.

Online scams also intensified, with 14,407 scam reports this year and nearly $12 million in verified losses, as criminals adopted increasingly sophisticated deception tactics, including using AI-generated or fake images, and real-time impersonation.

The surge was so extreme that Netsafe came within days of exhausting the full annual quota of HDCA cases it is funded to manage, raising questions about the sustainability of the current system.

Chief Executive Brent Carey says the figures reveal a dramatic shift in both the scale and nature of online harm nationwide.

“We are seeing a boom in AIgenerated fake nudes, sextortion, deception, real-time impersonation scams and digitally manipulated abuse,” Carey said. “These are harms that simply didn’t exist when the HDCA was drafted. The law cannot keep pace and New Zealanders are paying the price.”

AI-generated abuse hitting New Zealanders faster than the law can respond

Netsafe is reporting rises in:

• AI-generated intimate images and fake nudes, especially affecting young people

• Sextortion targeting both teens and adults

• Celebrity and public-figure

impersonation scams, with AI deepfake audio and video

• Digitally altered images used for harassment, coercion and extortion

AI tools are enabling offenders to create highly realistic fake content in seconds, like deepfake voices mimicking parents during scam calls, Carey says.

“The HDCA was drafted for a digital landscape about traditional internet communications and social media. We’re now in an environment of virtual and augmented reality, decentralised communication platforms, encryption, hyper-real deepfakes, globalised scam networks and AI-amplified abuse. Victims are facing harms the law is struggling to fully address.”

Netsafe’s support of a report with the Helen Clark Foundation earlier this year warned that online harm is now a threat to social cohesion, not just

personal safety. Rising manipulation, polarisation and misinformation are undermining New Zealanders’ ability to trust what they see online.

Youth, Māori, LGBTQIA+ Pacific communities disproportionately affected

Netsafe’s data shows:

• Young people are experiencing harm through AI fake nudes and sextortion

• Māori and LGBTQIA+ and Pacific communities report higher rates of certain digital harms

• Women remain the primary targets of intimate-image abuse

• Smaller cities, including Nelson, and regions like Canterbury show disproportionately high reporting rates

Partnerships with Save the Children NZ, Youthline and other rangatahi-led organisationshave helped Netsafe expand youth-focused support and elevate young people’s voices in national solutions.

Funding flatlines despite record harm

Despite the dramatic increase in harm:

• 95% of HDCA complaints were resolved without court action

• 98% were resolved within 15 days

• Netsafe’s national scams helpline is without recurring government

funding and relies on philanthropy and corporate sponsorship

Carey says the pressures are now mounting. “We have the highest levels of digital harm in New Zealand’s history, but we’re operating under an Act that hasn’t been reviewed in more than a decade,” he said.

“There is still no national anti-scam strategy or an Anti-Scam centre for crimes which our 2025 State of the Scams report found costs the economy $3 billion a year. New Zealanders deserve a modern online harm prevention system that can keep pace with the threats they face.”

Netsafe expands support as harms escalate

Over the past year, Netsafe achievements included:

• Opened a new regional Dunedin office to strengthen South Island digital harms support

• Acquired the Sticks N Stones charity, expanding our national anti-bullying programmes

• Delivered more education resources with new content on AI-driven harms, safer online dating and body image toolkits

• Relaunched our AI powered Re:Scam.org initiative to counter AI-enabled scam tactics

• Delivered award-winning awareness campaigns, including SpicyNoods. nz tertiary aged sextortion campaign

• Contributed to international safety efforts through the Global Online Safety Regulators Forum

Netsafe also increased its global digital development role, supporting realm countries, Pacific and Southeast Asian partners to strengthen online safety ecosystems and sharing New Zealand’s expertise in trust and safety, online harm prevention and digital citizenship.

“We remain focused on delivering essential frontline helpline and education services for all New Zealanders, while strengthening ties with international partners to ensure our systems are globally connected, innovative and sustainable,” Carey said.

Call for urgent HDCA review ahead of the Act’s 10-year anniversary

Netsafe is calling on the Ministry of Justice to lead a modernisation of the HDCA before the Act reaches its 10year anniversary in 2026.

Carey says the review must examine whether the current legislation is fit for a digital age characterised by AI manipulation, global scam networks and rapidly evolving online harm.

“We need a modern HDCA, a funded national anti-scam strategy, and investment in prevention and victim support. Short-term fixes and piecemeal projects will not protect New Zealanders in the long run.”

The full Netsafe Year in Review 2024–2025 is available here .

Security industry news round-up

We deliver the top security industry stories from around New Zealand, including new hires at FIRST Security, wins for Red Badge, a return to Gallagher, last hurrah for Workforce Development Councils, and fast times for Nextro.

Nextro named New Zealand’s 40th fastest growing company

At the Deloitte Fast 50 event at Eden Park, Nextro was recognised for achieving 132% revenue growth in the three years to March 2025.

“Nextro is on a mission to secure New Zealand - and this award highlights the momentum that the Nextro team has achieved providing cyber, physical, and electronic security solutions to our customers and partners across New Zealand”, said Martyn Levy, Managing Director, Nextro.

Nick Gibbs appointed FIRST Security Chief Operating Officer

After 25 years in security and seven at FIRST Security, Nick Gibbs has been promoted to COO, taking over from Steve Sullivan, who has returned to Melbourne after six years in the role.

“Beginning his career in 2000 while studying at university, he has built a strong track record of operational excellence and strategic leadership,” stated the announcement.

“Steven has made an incredible contribution to FIRST Security and we sincerely thank him for his outstanding leadership during his time with FIRST Security — he will be greatly missed by the entire organisation.”

Natasha Fraser has also joined FIRST Security as its new Senior Management Accountant.

“Natasha joins us with 11 years of experience at Wilson Parking NZ, where she worked as a Commercial Business Partner,” stated the announcement. “She brings a wealth of accounting and commercial expertise to the team.”

Grant Scannell has also been a recent FIRST appointee, becoming Branch Manager, Invercargill. Grant spent much of his career leading teams in the transport industry, including 17 years running taxi companies, and two years as President of the Small Passenger Service Association (formerly the NZ Taxi Federation) in 2022 and 2023.

Finally, Chris Bartlett also joins FIRST as Compliance & Operations Manager, AOR/AT Events. He brings over 40 years of experience in the telecommunications industry in the UK, including more than 20 years in operations.

Minister for Social Development and Employment visits Red Badge

Late November saw Louise Upston, Minister for Social Development and Employment, visit Red Badge to talk security industry and its role in supporting job seekers.

“Minister Upston was keen to understand the real challenges we face in the industry - what’s working, what’s not, and where MSD might be able to help get more job seekers into meaningful work, even if it’s just a casual start.

“What stood out was the recognition of our industry as a stepping stone into other careers - whether it’s Police, Corrections, Aviation Security, Immigration, or other public service roles. We’re proud to be part of a sector that opens doors and helps people build skills and careers that transfer across New Zealand’s workforce.”

Red Badge HR Rising Star

Red Badge Group People & Culture Advisor Ellie Webb has been announced as an Excellence Awardee for HR Rising Star of the Year at the HRD New Zealand Awards 2025.

“In just five years in HR, Ellie has already made a remarkable impact - from leading the rollout of online learning (with over 5,300 courses completed in

2024) to creating our People & Culture portal that gives managers nationwide the tools they need at their fingertips,” stated the announcement.

“Her work has strengthened our health & safety culture, streamlined processes, and supported major transitions - all while showing care, curiosity, and commercial acumen beyond her years.”

It was a double celebration for Red Badge, with the organisation also picking up an Excellence Award for Employer of Choice.

In what’s been a golden couple of months for Red Badge, security officer Johnny Mapusua was recently awarded a Certificate of Merit by Police Commissioner Richard Chambers.

The honour recognises the bravery Johnny showed during the 2021 LynnMall terrorist attack – just three days after Red Badge took over the guarding contract for New Zealand’s oldest shopping mall.

“Johnny was one of the first on scene, providing immediate first aid to

victims. His quick actions and courage, without a doubt, helped save lives.”

Johnny, this recognition is incredibly well deserved. We are beyond proud to have you as part of the Red Badge team.

Aotea Security 2025 AI & Cloud Seminar

Aotea Security recently hosted a halfday seminar that brought together some of the leading voices in AI and cloud technology to discuss the impact this technology is having on the electronic security industry.

The event featured insights from leading guest speakers, including Vincent DLima from Dell Technologies, Ian Peters from CyberCX, and Mike McKim from Channel Ten. Each speaker provided perspectives on how AI and cloud solutions are driving smarter, more efficient systems across the electronic security sector.

Attendees gained a deeper understanding of real-world applications and explored what’s next for the industry. The presentations demonstrated how businesses can leverage these emerging technologies to enhance their security operations and stay ahead in an ever changing landscape.

The event was supported by Gallagher Security, Hanwha, Axis Communications and Milestone.

Eugene Donovan returns to Gallagher Security

Gallagher Security has announced the appointment of Eugene Donovan as Training Solutions Engineer, based in Hamilton.

Eugene is no stranger to Gallagher, having previously worked within the business before spending the past three years with a newly established Gallagher Channel Partner.

“Returning to Gallagher feels like coming home,” says Eugene. “What drew me back is the people and culture. There’s a commitment to innovation and giving back that extends far beyond just security.”

With a career in the security industry that began in 2003, Eugene has held a range of roles with a focus on training and education. In his new role, Eugene is looking forward to bridging the gap between theory and practice in Gallagher’s training programmes.

“With my mix of hands-on experience from the field and years of training, I want to help people understand what to do, as well as why it matters. It’s about building confidence, capability, and purpose in every learner.”

“His ability to connect with people and translate complex concepts into real-world understanding makes him a fantastic addition to our training team,” said Wayne Scott, General

Manager – New Zealand. “We’re thrilled to have him back and look forward to the impact he’ll make in empowering our partners and end users.”

ASIS Meeting talks threats

ASIS International New Zealand Chapter Secretary Reck Diogo reports that the group’s most recent chapter meeting was an informative one.

“In a twist of fate (I swear it was a coincidence!), our ASIS New Zealand first women-only panel landed on International Men’s Day,” reported Reck on LinkedIn. “Who knew that was a thing?”

The meeting heard from two speakers tackling some of New Zealand’s most pressing challenges. Jing Wyllie from KordaMentha shared insights into cyber and financial crime.

“$400 million NZD was siphoned from victims in the past year due to cyber fraud,” stated Reck. “That’s a staggering figure, and a stark reminder of how real and relentless these threats are. She also explored how AI is both a powerful tool and a growing risk in this space.

“Antonia from New Zealand Security Intelligence Service presented the latest New Zealand’s Security Threat Environment report,” he continued. “While the terrorism threat

level is currently low, she emphasised that this is no reason for complacency. Staying vigilant is more important than ever.”

2nd Annual OHS Leaders Summit

NZ

Jonathan Howe, Business Director –Security & Risk at Beca, delivered a presentation at the recent 2nd Annual OHS Leaders Summit NZ titled:

“The Changing New Zealand Security Environment and How It Impacts Our People’s Safety and Security.”

Jonathan explored how international geopolitical developments are influencing the safety, wellbeing, and resilience of organisations and their people across New Zealand, reported Focus Network on LinkedIn.

Jonathan shared guidance on identifying key security risks, fulfilling duty-of-care responsibilities, and taking proactive steps to safeguard employees in an evolving risk environment.

Key takeaways included (i) understand how macro geopolitical factors influence frontline service delivery and staff safety, (ii) identify areas of greatest security risk within operational environments, (iii) learn what constitutes due diligence in protecting people from harm, and (iv) explore reasonably practicable steps

leaders can take to mitigate security hazards.

Industry Skills Boards to replace Workforce Development Councils

As we approach the end of the year, the security industry is gearing up for a major shift in vocational education, reports NZSA Security Training and Professional Development SIG chair Andy Gollings.

“From 1 January 2026, the Government will replace Workforce Development Councils (WDCs) with eight new Industry Skills Boards (ISBs),” stated Andy in a recent NZSA newsletter.

“These boards will take over standard-setting and work-based learning responsibilities, with the Services ISB expected to retain oversight of security qualifications and quality assurance.”

Some legislative provisions may be enacted earlier – late October or November – allowing ISBs to begin operations ahead of schedule.

Although industry representatives have praised the outgoing WDC team for their collaborative approach and strong engagement, concerns remain around the introduction of moderation charges by ISBs, which may affect training providers and course affordability.

New scam protections for consumers headline Fraud Awareness Week

New legal protections announced 17 November will enable banks, telecommunications providers and digital platforms to act faster to block suspected online scams,

The new legal protection, known as a safe harbour, is for online service providers that take reasonable, good faith steps to disrupt suspected scams.

“Too many Kiwis are being ripped off by scams that spread through fake websites, texts and social media,” said Commerce and Consumer Affairs Minister Scott Simpson.

“Entities tell us they want to pull these scams down earlier, but they worry about being prosecuted if they accidentally take down a legitimate customer or website. These changes give them more confidence to act when something looks wrong.”

“If a bank wants to pause a suspicious payment, or a telco wants to block a fake website link in a text campaign, we want them to be able to do that promptly without looking over their shoulder.”

The safe harbour will include conditions to protect legitimate customers and businesses. It will only apply where the provider has reasonable grounds to think the activity or website is a scam, and the action taken is reasonable and proportionate to the risk.

Any disruption to legitimate customers or businesses is corrected as soon as it is discovered.

The work supports the New Zealand Anti Scam Alliance, a cross-sector group bringing together government agencies, banks, telecommunications providers, digital platforms and consumer representatives to prevent, detect and disrupt scams.

To complement the safe harbour, the Alliance is also exploring a “trusted flagger” system. Under this model, regulators and law enforcement could provide reliable information about suspected scams to online providers, helping them distinguish scams from legitimate activity and act with greater confidence.

In the last year alone, Payments NZ has reported gross scam losses of around 265 million dollars through New Zealand bank accounts.

“Those numbers are too high,” Mr Simpson said. “We need a prevention first approach, where scams are blocked as early as possible.”

Today the New Zealand Banking Association has also announced a new fraud intelligence tool that will help stop scammers using “mule” accounts to move stolen money through the banking system.

The system will help banks:

• Identify and share information about suspected mule accounts more quickly.

• Freeze funds before they are moved on.

• From 30 November, meet their commitment to warn customers if they are about to send money to a high risk account.

“This technology will help banks move faster when money is at risk, and it fits well with the Government’s push to give providers more confidence to intervene early,” Mr Simpson said.

“Scams are constantly evolving, and no single organisation can tackle them on their own,” he said. “These changes are about backing the providers who see scams first, and giving them the tools and confidence to shut them down faster.”

Victoria introduces tough new retail crime laws

The Australian Security Industry Association (ASIAL) has welcomed new retail crime laws passed by the Victorian state parliament to protect retail, hospitality and transport workers.

Abusing shop assistants, assaulting fast-food workers, threatening rideshare drivers and even throwing coffee at waiters will now mean serious consequences under new laws passed in the Australian state on 02 December.

The Crimes Amendment (Retail, Fast Food, Hospitality and Transport Worker Harm) Act 2025 creates new offences to crack down on abuse, threats and assaults against hardworking Victorians who serve others and keep Victoria moving.

Under the new laws which will be enacted ahead of the Christmas season, a serious new indictable offence will apply to anyone who assaults or threatens to assault a retail, fast food, hospitality or transport worker. Those charged face up to five years’ imprisonment under this offence.

Separate summary offences will also apply for lower-level assaults and threatening or intimidating conduct –including profane, obscene or insulting language – with penalties of up to six months’ jail. These offences have a lower threshold to give police a flexible range of options to intervene early and protect workers.

If the conduct occurs in connection with the person’s work – while serving customers, transporting passengers, making deliveries, stacking shelves, or even when arriving, leaving or on breaks – the new offences will apply.

The new protections cover all customer-facing workers – from retail and hospitality staff to security, cleaners, delivery riders, taxi and

rideshare drivers, public transport operators and even contractors working on-site.

ASIAL, Australia’s peak security industry body, has welcomed the new laws, stating that it has long advocated for these changes.

Around 800,000 retail crime incidents were reported across Australia in the last year. The Australian Retail Association said that on top of 70 percent of retailers reporting an increase in customer theft, more than half of retailers experience physical abuse monthly or more often.

Ram raids will now also be recognised as aggravated burglary, carrying a maximum penalty of 25 years’ imprisonment, and serious or repeated offending will fall under Adult Time for Violent Crime.

“We’ve listened to workers, unions and industry – and these laws respond

directly to the disturbing rise in abuse and violence in workplaces across Victoria,” said state Attorney-General Sonya Kilkenny

“Every Victorian deserves to be safe at work. These laws strengthen protections and we’ll continue that work with Workplace Protection Orders.”

Next year the Victorian government plans to introduce new laws to establish Workplace Protection Orders that will ban individuals from workplaces if they are violent to retail.

New South Wales, Western Australia, South Australia, Queensland, Tasmania and the Northern Territory have all passed laws strengthening penalties for assaults on frontline or retail workers, while South Australia and the ACT have already introduced Workplace Protection Orders.

unbreakable universal mounting

•Low power consumption - low operating temperature

•One product suits floor and wall mounting

•Universal armature - offsets to 55º to suit doors opening past 90º • Wall mount extensions available •12 & 24 VDC selectable • Push off button with no residual magnetism • Oversize armature for easy alignment • Emergency release button

•Electroless nickel plated armature and electromagnet

•Stainless fastenings • Full local support and back up

10 YEAR GUARANTEE*

Designed, tested and produced in New Zealand to AS4178

A)Wall

Surface and Recess mounting

This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting.

NZSA CEO’s November Newsletter

In this monthly update, NZSA CEO Gary Morrison covers residency pathway for security technicians, pre-employment training modules, biometrics legislation, Skills Group scheme for apprentices, and more.

Gary Morrison is CEO of the New Zealand Security Association (NZSA). A qualified accountant, Gary was GM of Armourguard Security for New Zealand and Fiji prior to establishing Icon Security Group.

Congratulations to all winners at the 2025 New Zealand Security Awards event held at the Grand Millennium Hotel in Auckland on 26 September, and especially our SPOTY (Security Professional of the Year), Ray Nisbet, from FIRST Security. The awards continue to highlight the depth of talent within our sector and the pride that we take in maintaining the highest standards of service and conduct.

It was great to have the event sold out and the feedback from the 230 attendees has been exceptional. We have certainly set a very high benchmark in the quality of the venue, catering and entertainment for next year’s event to be held at Hui Hui, Parliament Building in Wellington on Friday 4 September 2026.

Also, special mention to Ministers Mark Mitchell and Nicole Mckee for their attendance and support, along with special guests including Trish McConnell (Registrar for PSPLA), Sunny Kaushal (Chair for Ministerial Advisory Group), Kari Scrimshaw (CEO for Ringa Hora) and Carolyn Young (CEO for Retail NZ).

Based on international best practice, it emphasises practical measures for both the public and private sectors, including risk assessment, coordination and response planning.

For the security industry, the campaign reinforces the importance of our partnerships with police, local government and venue operators. Security personnel are often the first to identify and respond to emerging threats, so understanding and integrating the “Escape, Hide, Tell” messaging into training, operations, and client communications will be key to ensuring consistent and effective public safety outcomes.

In conjunction with promoting the “Escape, Hide, Tell” strategy, the NZSA is supporting a specialist training program for a Security Control Room (SCR) Managers course being facilitated by NPSA (National Protective Security Authority) in Sydney during December. Look out for more information with regards to the course later within this newsletter.

Residency pathway for Security Technicians

Strategy

Escape, Hide, Tell – launch of New Zealand Crowded Places

During September the Police officially launched their formal crowded places strategy, introducing the public awareness campaign “Escape, Hide, Tell”. The strategy is focused on improving awareness, readiness and resilience in crowded public spaces –such as malls, events and transport hubs – against potential terrorist or active threat incidents.

We are very pleased to advise that after significant lobbying over the last year, Immigration New Zealand has now formally recognised Security Technicians within the Skilled Migrant and Accredited Employer Work Visa framework.

This is a significant and welcome development for our sector, which has been experiencing a welldocumented shortage of experienced technical personnel. The new pathway recognises the increasingly complex nature of electronic security work – encompassing system

HIDE TELL ESCAPE

design, networking, integration and compliance – and gives employers greater certainty when recruiting from overseas and for employees, certainty of a pathway to residency.

For our members this represents an opportunity to strengthen workforce planning and capability, ensuring our industry can continue to deliver high quality, technology driven security solutions across the country.

Biometrics legislation

We remind members that the Biometric Processing Privacy Code that creates specific privacy rules for businesses and organisations using biometric technologies to collect and process biometric information comes into force on 3 November 2025. Businesses already using biometrics do however have a nine-month grace period to move to the new set of rules. The transition ends on 3 August 2026.

The Code is designed to ensure that those businesses implementing and using biometric technologies are doing it safely and in a way that is proportionate.

For businesses who provide or use biometric technologies we strongly recommend that you are familiar with the Code and follow the guidance documentation provided by the Privacy Commissioner.

Development of pre-employment training modules

The NZSA, in collaboration with industry partners and training providers, has progressed work on a suite of Pre-Employment Training modules aimed at new entrants to the guarding and patrol sectors and seeking to apply for a Temporary CoA.

The initiative focuses on foundational learning in communication, conflict management, situational awareness and legal responsibilities – helping ensure that new security officers enter the workforce better prepared and aligned with employer expectations pending their undertaking the formal CoA training unit/skill standards.

Early feedback from pilot testing has been very positive and we are looking to launch the modules via the NZSA Training Hub by early 2026. Whilst pricing is still to be finalised, we intend to keep the cost very low as we do not want to place barriers in front of the individuals entering the industry.

We have also had very positive discussions with the Registrar for the PSPLA with regards to certification from the Pre-Employment Training modules to be a pre-requirement for application for a Temporary CoA, however timing for this will be

dependent on a change to the current regulations.

Look out for notice of the launch date!

Introduction of Skills Group Scheme for apprentices

The NZSA is currently working with Skills Group to extend the current Group Scheme for electrical apprentices to include security technician apprentices, and to offer coverage to NZSA members.

Under the Group Scheme, Skills Group employs the apprentices and is fully responsible for all employment responsibilities, including the cost of training, but the apprentices are assigned to “host companies” who pay an agreed rate while the apprentices are with them.

The scheme is designed to provide a win-win situation for the apprentice and their host company.

For the apprentice, the objective is to gain the necessary on-job experiences to fulfil the task competency requirements of their apprenticeship. For the host company, the primary objective is to minimise risk and add value to their business.

Benefits for employers include:

• You don’t have to worry about all the usual employment related and training issues.

• You don’t need to make a commitment for the duration of the apprenticeship unless you choose to, which gives greater flexibility and reduced risk.

• You will typically save thousands of dollars over the course of their training.

• If for any reason the apprentice is not a good fit, you can send them back or seek an alternate replacement.

If this of interest, let me know and I can facilitate discussion with our contacts at Skills Group.

As always, we welcome all comments and feedback on NZSA or industry issues and activity.

Keep safe and well.

Genetec predicts top physical security trends for 2026

According to Genetec, organisations will focus on flexibility, responsible AI, and unified connected systems to strengthen security and operational performance.

Choice and flexibility will define the next phase of cloud adoption

Rather than committing to a single cloud deployment model, enterprises will evaluate each based on performance, cost, and data residency requirements. They will choose the environment that best supports their needs, whether it’s on-premises, in the cloud, or hybrid.

Open architecture solutions will give end users the freedom to choose the devices and applications that best support their operations. This approach will extend the life of existing infrastructure while allowing teams to adopt cloud services where they add the most value.

Vendors that offer full-range deployment options and strong interoperability across environments will be best positioned to meet these expectations. Open solutions provide a more adaptable path that supports long-term flexibility and control.

AI moves from hype to intelligent automation

In 2026, the conversation will shift from AI hype to practical, outcomedriven Intelligent Automation (IA) solutions that streamline workflows, improve accuracy, and enable faster, smarter decisions. IA will increasingly automate repetitive tasks, enhance monitoring precision, support predictive maintenance, and extract meaningful insights from growing data volumes.

Rather than adopting technology for its own sake, users will focus on features that genuinely improve daily operations, such as intelligent search

to accelerate investigations, reduce false alarms, and strengthen situational awareness.

As the market matures, expectations around transparency and responsible implementation will rise. Users will demand clarity on how AI is used, how systems are built, and how data is collected, processed, and protected.

Access control modernisation will accelerate

The value of access control is expanding well beyond locking and unlocking doors to deliver measurable business outcomes, such as energy efficiency, occupancy management, and operational insights.

Access Control as a Service (ACaaS) adoption will accelerate as organisations prioritise easier maintenance, greater scalability, and predictable operating costs. Unifying ACaaS and Video Surveillance as a Service (VSaaS) will further enhance visibility and streamline management across sites.

Mobile credentials and biometrics will continue to transform identity management, offering greater

convenience and security while decentralising ownership of identity data.

Connected systems will bring intelligence and efficiency to security operations

The number of connected devices will continue to surge as organisations integrate IoT sensors, building systems, and smart devices into unified platforms. Bringing this information together in one place will give teams a clearer view of what is happening across their facilities and help them respond faster.

The convergence of IT, operational technology, and physical security will accelerate, enabling real-time data sharing and smarter decision-making across facilities. End users will expect open, scalable platforms that connect diverse devices securely and deliver both operational and security value.

The leaders in this space will be those who unify diverse devices securely, offer cloud-native and hybrid options, and embed cybersecurity and data residency into their design.

COA pre-employment training modules now available

The New Zealand Security Association has released a new training module designed to support security providers in helping their new staff to start their career in security.

The New Zealand Security Association (NZSA) has launched a new Pre-Employment Training Module to help people take their first step into the security industry. This training is suitable for:

• Personal Pre-employment (pre-CoA)

• Company Refresher Training

• Company Induction Training

The NZSA is working with the Private Security Personnel Licensing Authority (PSPLA) to make this course a requirement for a temporary Certificate of Approval (CoA) application. The module can also be used by employers of security staff as part of their induction training and as refresher training.

The short online course (around two hours) teaches the basics of working in security and provides a certificate that helps participants:

• Apply for entry-level security roles

• Meet your employer expectations

• Begin the process of applying for their Blue CoA licenc

e The training can be completed anytime, online and is well priced to ensure it is accessible for job seekers and as a cost-effective resource for companies. All graduates receive a certificate of completion.

Member Feedback

The NZSA has shared the training modules with several of its members to trial and the feedback has been very positive.

“I have completed the courses, and I am genuinely impressed. The modules are great - well-structured, engaging, and easy to complete without being overly simplistic,” commented Anna Barragan, National Manager, Operations, Global Security Solutions Ltd.

“The interactive elements and content are pitched perfectly for the security industry. It covers the main important parts for the role,” she said.

“I believe this is something genuinely valuable that fills a real gap in the market. I will be looking at implementing this for our team as both new starter training and annual refreshers once released.”

Course costs

One course: $20 incl. GST Ten courses: $175 incl. GST (members); $200 incl. GST (non-members)

Licences

NZSA member companies that would like to access the course files for their Learning Management System should contact nzsa@security.org.nz for details.

“As NZSA members we know you sometimes struggle to find quality new team members,” said the NZSA in its announcement of the new module. “This new initiative by the NZSA and the PSPLA aims to help prepare people for the industry and provide a clear pathway to a CoA and a new career.

“We encourage you to share this information with your HR teams and recruitment partners.”

Australian Security Industry Awards winners

Congratulations to the finalists and winners of the 2025 Australian Security Industry Awards, a diverse cohort of inspirational professionals representing the best of the industry across the ditch.

The awards, hosted by the Australian Security Industry Association Limited (ASIAL), the Australian security sector’s peak industry body, took place at a glittering gala dinner event on the evening of 30 October at the Park Hyatt Melbourne.

As per usual, the event brought together three national awards programmes, including the ASIAL Australian Security Industry Awards for Excellence, the Outstanding Security Performance Awards, and the Australian Security Medals Foundation Awards.

And the winners of the 2025 Australian Security Industry Awards are:

ASIAL Australian Security Industry Awards for Excellence

Electronic Security Installation Over $500,000

Securitas Electronic Security

Electronic Security Installation Under $500,000

SPL Security Solutions

Diversity & Inclusion

EON Protection

Individual Achievement - Protective Security Services

Maddison Pirie, Access Group Solutions

Individual Achievement - Technical Security

Tony Pham, Sapio

Integrated Security Solution Over $500,000

OmniVision

Integrated Security Solution Under $500,000

Optic Security Group, Sapio - Moreton Bay

Product of the Year - Access Control Systems

Inner Range, IR Connect

Product of the Year - Alarm Systems

Gallagher Security, High Sec Controller 7000

Product of the Year - Physical Security

Jack Fuse, Electronic Break Glass

Product of the Year - Video Surveillance Systems (CCTV IP System/Solution)

KEENFINITY / Bosch, DINION Thermal 8100i

Axis Communications, Q6358-LE

Security Equipment Manufacturer/Distributor/Supplier

Davcor

Unsung Hero - Electronics Security Sector

Rebecca Sorgiovanni, Optic Security Group

Unsung Hero – Protective Services Sector

Bryan Otuhouma, Access Group Solutions

Outstanding Security Performance Awards

Outstanding Contract Security Company (Guarding)

Ultimate Security Australia

Outstanding Female Security Professional

Suzanne Frazer, Amazon

Outstanding In-house Security Manager/Director

Umberto Tosti, Fortis Security

Outstanding Security Consultant

Intelligent Risks

Outstanding Security Partnership

Pacific Fair, GPT and Assetlink

Outstanding Security Team

Access Group Solutions, Charlestown Square Team

Outstanding Security Training Initiative

Risk 2 Solution Group, Presilience®

Outstanding Young Security Professional

Mohamed Jama, Sapio

The Australian Security Medals Foundation Awards

Australian Security Medal

Darlene Winston, iLead Mentorship Program

St John ‘Save a Life’ Awards

Andrew Harland, Security Team Leader (Parliament of Western Australia).

Hasim Umarji, Security Officer (Glad Group).

Muhammed Rameez, Security Officer, Eran Siton, Security Officer, Ubaid Ali, Security Officer, Asad Ullah, Security Officer (MSS Security), Abdul Raheem, Security Officer, Matthew Cain, Security Officer (Securecorp), Ethan Korycki, Security Supervisor, Riek Post, Security Manager, Kamran Victor, Security Team, Willem Van Der Huel, Security Team, and Shane Wheeler, Security Team (Assetlink).

The 2025 Australian Security Industry Awards official photographs have been published and are now available on the Australian Security Industry Association Limited (ASIAL) website.

Axis signs CISA’s Secure by Design pledge for cybersecurity

Axis Communications announces it has signed the U.S. Cybersecurity & Infrastructure Security Agency’s Secure by Design pledge to transparently communicate about the cybersecurity posture of its products.

The voluntary Secure by Design pledge of the US government agency, Cybersecurity & Infrastructure Security Agency (CISA), calls on manufacturers to make the security of customers a core business requirement by addressing seven key aspects of security:

• Use of multi-factor authentication

• Reduce default passwords

• Reduce classes of vulnerabilities

• Enable customers to easily install security patches

• Publish a vulnerability disclosure policy

• Demonstrate transparency in vulnerability reporting

• Demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products

“CISA’s Secure by Design pledge aligns well with our goal of making cybersecurity a core part of what we offer,” said Axis Communications Chief Technology Officer Johan Paulsson. “By making this pledge, we affirm our continuous commitment to helping customers follow cybersecurity best practices and drive greater accountability in the physical security industry.”

Axis will address the Secure by Design pledge in its product portfolio, ranging from AXIS OS-based network products, video and device management software, to service offerings like Axis Cloud Connect.

Reducing the risk of software vulnerabilities is an integral part of Axis software development. Axis developers follow the Axis Security Development Model (ASDM) in order to mitigate security risks throughout the product lifecycle.

The security framework, involving processes and tools, also includes strengthening product security through external resources, namely through Axis’ bug bounty programs and enabling people to easily report bugs or vulnerabilities to the Axis Product Security Team.

Axis patches and discloses vulnerabilities as a CVE Numbering Authority (CNA), and the company’s published vulnerability management policy outlines what, when and how it works with vulnerability disclosures. The Axis Trust Center serves to provide cybersecurity and compliance information for Axis as a company and for AXIS OS-based

network products, and will eventually cover other Axis products and services as well.

AXIS OS-based network products

Axis’ IP-based network devices, from cameras, intercoms, loudspeakers and access control products, are powered by the operating system, AXIS OS. AXIS OS is designed with no default passwords. It supports multi-factor authentication when customers access the devices using centralised identity and access management (IAM).

AXIS OS enables zero-trust networking by default from factory for secure device verification and onboarding. It allows Axis network products to automatically authenticate through IEEE 802.1X with their IEEE 802.1AR-compliant secure device identities.

AXIS OS also supports powerful encryption through IEEE 802.1AE MACsec, protecting, at the fundamental level, network protocols like NTP and DHCP that do not offer native security, and double-encrypting secure protocols, such as HTTPS and other TLS-based protocols.

Additionally, AXIS OS-based devices feature hardwarebased secure key storage functionality that is certified to FIPS 140-3 Level 3, together with Common Criteria EAL6+.

Axis’ approach to the cybersecurity of other offerings, including Axis Camera Station, Axis device management software, and Axis Cloud Connect, are described in the announcement .

New report highlights consumer cybersecurity behaviours, AI concerns and risks

14 percent fell victim to scams in the past year as social media overtook email as cybercriminals’ preferred delivery channel, according to new Bitdefender report.

Global cybersecurity company Bitdefender has released its 2025 Consumer Cybersecurity Survey, based on an independent survey of more than 7,000 consumers worldwide. The report reveals key cybersecurity behaviours, practices, and concerns shaping how individuals engage with technology in their daily lives, highlighting persistent gaps that leave many vulnerable to malware, fraud, scams, and data theft.

This year’s findings also underscore the double-edged role of artificial intelligence (AI): while it powers

advanced protections for consumers, it is also being weaponised by cybercriminals to create more convincing scams and mislead the public.

“These findings highlight the growing importance of cybersecurity awareness as attacks on consumers become more frequent and sophisticated in the age of AI,” said Ciprian Istrate, senior vice president of operations at Bitdefender Consumer Solutions Group. “Bitdefender has long pioneered the use of ‘good’ AI to combat cybercrime, but threat actors are now leveraging it to enhance their attacks.

“Strong passwords, mindful cookie management, and trusted security

solutions can go a long way toward reducing risk. Cybercriminals are relentless, but awareness and the right tools empower consumers to defend themselves.”

The 2025 Consumer Cybersecurity Survey is based on an independent survey and analysis of over 7,000 consumers across Australia, France, Germany, Italy, Spain, the United Kingdom, and the United States.

Key findings from the 2025 Consumer Cybersecurity Survey include:

AI scams dominate consumer fears When asked about artificial intelligence, the top concern was its use in sophisticated scams such as deepfakes (37%), followed by job loss (30%) and misinformation (29%).

Regional concerns vary: UK respondents were most worried about AI replacing human jobs (39%), while Germany, Italy, and Spain ranked misinformation as the second-highest threat after scams. Generationally, nearly half of those 55+ (46%) worry about AI scams compared to just over a third of Millennials (34%).

Scams continue to hit consumers hard

Fourteen percent of respondents (1 in 7) reported falling victim to a scam in the past year, with an additional 4%

unsure. Based on an average scam loss of $545, that equates to over $534,000 lost among survey participants alone. The US led in scam victims at 17%, followed by the UK (16%) and Australia (16%), while France had the lowest at 11%.

Social media overtakes email as cybercriminals’ top channel for scams

Social media is now the leading medium for successful scams at 34%, surpassing email (28%), phone calls (25%), text messages (24%), and online ads (21%). Age differences are notable: respondents aged 25–34 were more than twice as likely as those 55+ to be scammed via social media (43% vs 20%).

Bitdefender research aligns with these results, showing a sharp increase in criminals leveraging social media for malvertising, malware distribution, and hijacking high-profile accounts.

Consumers juggle an average of five online accounts

Respondents reported managing an average of five online accounts, with nearly two-thirds holding at least three. About one-third (32.8%) have 3–5 accounts, and another 32.4% have 6–9 accounts, a slight dip compared to 2024. UK respondents led with the most (40% holding 6–9 accounts),

while Spain (21.7%) and France (25.6%) had the fewest.

Poor password practices continue to undermine security

Over one-third (37%) of respondents still write down passwords, while 32% reuse the same password across multiple accounts. US (42.6%) and Italian (41.6%) respondents were most likely to write down passwords, while UK respondents were least likely (29.9%). Meanwhile, 27% use password managers, 16% rely on browser autofill, and 13.6% use Apple’s password autofill feature.

Younger consumers (ages 16–34) were more likely than those 55+ to reuse passwords across three or more accounts (20% vs 14%), with higher rates of poor password hygiene among those who had been scammed (23%) versus those who had not (16%).

Cookie complacency endangers both privacy and security

Nearly half (48%) of respondents accept all cookies by default, while only 36% manually manage them and 16% reject all. Alarmingly, 75% said they don’t read—or only skim—the terms before accepting.

Convenience drove behaviour: 70% said they accepted all cookies to reach content quickly, while 25% were unconcerned about data tracking. This

leaves consumers open to privacy and security risks, as cookies can enable profiling, data exploitation, and even session hijacking.

Mobile and device security often overlooked

Nearly half (48%) of respondents do not use a third-party security solution on their phone, even though 53% conduct sensitive transactions such as bill payments or online shopping. Device protection is also lacking: 58% of respondents reported not securing their computers with third-party solutions, and 82% said the same of their tablets.

US respondents were least likely to protect their phones (44.3%), compared to higher adoption in Spain and Italy (57%). Alarmingly, nearly 10% admitted to using work devices for personal financial transactions, creating both personal risk and organisational exposure.

Data Sources

Bitdefender commissioned Censuswide, a leading international market research consultancy, to survey and analyse responses from 7,009 consumers aged 16 to 55+. The survey and analysis were conducted between June and September 2025 across Australia, France, Germany, Italy, Spain, the U.K., and the U.S.

Security Officer Safety: Benchmarks and interventions

Earlier this month, International Security Ligue published a supplement to its Global Security Barometer focused on security officer health and safety. It found that the industry needs to recommit to protecting its people.

Over several years, International Security Ligue has collected insights into the routine realities of the security profession and the evolving risks facing frontline personnel.

“Alongside everyday risks and simple injury causes — a misstep, a twist — we observe a growing and concerning rise in public aggression toward our officers,” states the report. “Exposure varies by location, culture, event, and situation, yet the upward trend is clear.”

Benchmark data from over one million officers show a 2023 lost-time injury rate of 6.9 per 1,000 employees and a recordable rate of 12.8. Compared to the 2019-22 average, this means a decrease of 0.7% for Europe and increases for South America (+47.2%), North America (+6.0%), Middle East and Africa (66.6%), and Asia and Australia (+6.9%).

“The industry owes a debt to frontline employees, and it must recognize that safety efforts should extend beyond worker behaviours and examine what we give them, and how we support them. In short, we must recognize the broader context surrounding worker actions without ignoring the reality that worker actions also play a role.”

Fatalities

The global fatality rate fell in 2023 from 2022 to 2.53 per 100,000 security officers in 2023; just above the six year average of 2.4, although fatalities from violence has grown. The top causes of fatalities include (i) slips, trips, falls, (ii) over-exertion, (iii) violence, and (iv) transportation.

On the positive side, the report observed that regulations increasingly recognise psychosocial illnesses as occupational diseases, high occupational safety is being successfully used to attract personnel, and investment in mental health and wellness is increasing.

On the downside, officers face rising third-party aggression, slips, trips, and falls remain frequent, and challenges persist from a lack of control over operating environments.

Challenges - Interventions

“Safety training can be a competitive differentiator and is most effective when practical, realistic, specialist-led, and supported by blended delivery for consistency,” says the report. “Refresher training is essential to reinforce critical responses and should focus on highrisk, infrequently used, and legally changing tasks.”

The Ligue found that road incidents drive disproportionate occupational deaths, with vehicle patrols posing the highest fatality risk, worsened by long night shifts and urban traffic. “Effective interventions include defensive driving training, telematics and dashcams, strict no-phone and fatigue policies, vehicle checks, and behaviour-based monitoring.”

“Violence poses high likelihood and severe consequences—from gun threats to assaults—so prevention centres on threat assessments, de-escalation and conflict management, client collaboration, technology (CCTV/ bodycams), robust training, and rapid victim support including 24/7 psychological aid.”

Technology such as lone-worker alarms, drones, smart cameras, bodycams, GPS/telematics, and AI risk-prediction are enabling proactive, data-driven prevention and reduced frontline exposure.

Gallagher picks up two gongs at New Zealand International Business Awards

Gallagher has taken two top honours at the 2025 New Zealand International Business Awards, winning in both the Supreme Award and Best Large Business categories.

Awarded by New Zealand Trade and Enterprise (NZTE), the dual win cements Gallagher’s position as one of the country’s most successful international exporters.

“For 87 years, it has been a privilege to do what we do from Hamilton, for New Zealand, to the world,” says Gallagher CEO & Executive Director Kahl Betham. “We do it for the people and communities that shaped us. Winning both of these awards is an honour, and a reminder of the responsibility we carry as we protect what matters most.

Gallagher’s international momentum continues to accelerate. 86 percent of revenue now comes from global markets, with the company revenue growing 32 percent in the past year alone, and remaining firmly on track to become a NZ$1 billion global enterprise in the near future.

“People don’t just buy our technology, they buy into us and the way we do business,” Betham said. “We care deeply about our community, we act with integrity, and our strong intergenerational values have always guided us. From agritech to security, our innovation is driven by a commitment to make a positive impact.”

“We’re here to do more than our fair share to support the Government’s goal to double exports. We’ve approximately doubled our revenue in the last few years, and we’re well on the way to becoming a billion-dollar company.”

Gallagher has a team of over 1,500 people worldwide, including over 1,000 based in New Zealand. With significant global demand and expansion across its Hamilton headquarters and international offices, the company sees itself as entering one of the most transformative periods in its history.

“We succeed because we back our people. We take a long-term view, we

make decisions that matter, and we’re committed to creating careers - not just jobs,” said Betham. “We are building the future from here. If you want a career with purpose and the chance to take New Zealand innovation to the world - Gallagher is the place. We will be significantly recruiting for a large number of tech roles in the coming weeks.”

“We’re a great blueprint for tech exports in New Zealand. From original manufacturing of mechanical farm machinery back in the 1930s, to inventing the electric fence and becoming the world’s best in agriculture technology, exporting to 160 countries,” Betham said.

Beyond business, Gallagher has invested millions of dollars into community initiatives, including Coastguard New Zealand, the Waikato Rescue Helicopter, local sports, arts, and education programmesreinforcing its commitment to the people and places that shape its success.

Privacy Commissioner talks police body-worn cameras

New Zealand Privacy Commissioner Michael Webster CVO addresses the Police Association Annual Conference, focusing on the issue of body-worn cameras.

The Privacy Commissioner’s 16 October speech covered the topical subject of body-worn cameras and, in particular, the privacy implications of the use of this technology. This following is an abridged version of part of his speech:

At the outset, we should acknowledge that body-worn camera technology poses serious implications for individuals’ right to privacy. Recording individuals’ actions and conversations is inherently privacy intrusive.

Addressing those privacy considerations can allow an appropriate balance to be achieved between the needs of law enforcement and the privacy rights of individuals.

An organisation thinking of using this sort of technology needs to identify its lawful basis for collecting personal information using the technology. There must be a demonstrable operational need that a body-worn camera programme is designed to address.

The cameras should meet the test of being an effective solution to the operational needs that have been identified.

Any identified privacy intrusion must be minimised to the extent possible and offset by significant and definable benefits.

A comprehensive analysis would also include a consideration of whether any less-privacy intrusive measures would achieve the same objective.

At this point, can I do a shout out for Privacy Impact Assessments?

A privacy impact assessment or PIA is a tool used by organisations to help them identify and assess the privacy risks arising from their collection, use or handling of personal information. A PIA will also propose ways to mitigate or minimise these risks.

A PIA can be particularly useful when an organisation is considering introducing a new policy or operating system, or when making changes to an existing process.

So, in the case of body-worn cameras, those preparing the PIA can work up a use case, or multiple use cases, for cameras, to enable themselves to work through the Privacy Act obligations.

Noting my earlier comments on social licence [refer to full text of speech], I’m of the view that with something as significant as body-worn cameras, a PIA should also include a plan for consulting and engaging with the community on what is proposed.

A PIA might also introduce the idea of conducting a pilot or trial of the use of this technology. And employee privacy should also be taken into account. Transparency and openness are also key to building social licence.

This suggests that there should be reasonable efforts made to raise public awareness that officers are equipped with cameras, and that people’s actions and words may be recorded when they interact with, or are near, officers.

I know that the question of access to camera footage is a much-discussed topic, both here and overseas.

Any camera proposal will need to work through the relevant law –

both the Privacy Act, and the Official Information Act.

Under the Privacy Act, people have a right to ask for access to their personal information. In most cases people must be given their information, but sometimes there may be good reasons to refuse access.

One of the key issues which can be worked through in a PIA will be the question of continuous versus intermittent recording – whether the cameras should record continuously or whether officers should have the discretion or duty to turn them off and on, and under what circumstances.

My observation of overseas experience is that, from an accountability perspective, continuous recording may be preferable because it captures an unedited recording of an officer’s actions, and the officer cannot be accused of manipulating recordings for his or her own benefit.

However, from a privacy perspective, collecting less personal information is always the preferred option.

If it is decided, because of the identified purpose for the use of the technology, to proceed with an approach involving continuous recording, then what will be critical is policies and controls on retention and use to ensure proportionality, and to mitigate the impact on privacy – along with clear operational thresholds and discretion for officers to turn cameras off in some sensitive situations.

But, as I said earlier, these are the sorts of challenging issues that need to be fully explored in a PIA.

A PIA should also address the need to minimise, to the greatest extent possible, the recording of innocent bystanders, or innocuous interactions with the public.

I acknowledge that that won’t be possible all the time, and so setting and implementing limited and appropriate retention periods, and restricting access to recordings databases to a need-toknow basis, will help address privacy concerns.

On this access point, my Office has noticed that unauthorised employee browsing is increasingly becoming a source of privacy breaches – and I’m

sure we’ve all seen stories about this in the media.

So, the issue of proper safeguards, retention, destruction and storage of camera recordings is one that also deserves careful consideration and investment – in both technical systems, and also in training and reinforcing an appropriate culture.

Overseas, steps to safeguard recordings include encrypting them and storing them on a secure server, restricting access to recordings on a need to know basis, having edit-proof video and audio, and implementing audit trails to provide assurance that recordings have not been modified or accessed inappropriately.

Returning to the theme of data minimisation, under the Privacy Act, an organisation must not keep personal information for longer than is required for the purposes for which the information may lawfully be used – in short, don’t keep personal information for longer than is necessary.

Indefinite retention is incompatible with the Privacy Act

Setting and respecting access limits and retention periods will limit any opportunities for inappropriate disclosure or misuse of the information, including the potential

for monitoring individuals without an authorised basis or good reason.

When a retention period is up, recordings need to be disposed of in a secure manner in accordance with agreed policies and law.

The governance of all this is of fundamental importance; as with all aspects of a body-worn camera system, there should be systems in place to ensure that safeguarding, retention and destruction policies are respected. Use of body-worn cameras in New Zealand

So, what does this all mean for any proposed use of body-worn cameras in New Zealand?

The use of body-worn cameras is becoming an increasing feature of those who work in certain areas – we will be hearing about the Department of Corrections’ experience later – but people here may have seen them in use by council staff, by fisheries inspectors, and by bailiffs.

My Office has had a long-standing position on their use.

It is quite possible to use bodyworn cameras within the Privacy Act regulatory framework.

I appreciate that there might be some operational difficulties or regulatory challenges to be overcome, but they can be successfully worked through.

As my earlier comments reinforce, it’s important that you define exactly what you are going to use the cameras for – and, therefore, how they will not be used.

Information Privacy Principle 1 in the Privacy Act is quite clear: you can only collect personal information if it is for a lawful purpose connected with a function or an activity of an agency, and the information is necessary for that purpose.

The purpose question is critical – this is not about untethered intelligence gathering or recording – and clearly defining the purpose for collection is an important step in minimising the unnecessary collection of personal information.

Once you are clear on your purpose, it will also be clear that to achieve this purpose there will be some personal information that you will not need to

collect – such as private conversations between passing members of the public.

Organisations using body-worn cameras also need to think about how the wearer can retain some privacy – is the camera able to be turned off during breaks, or personal conversation?

My starting point would also be that the cameras should not be used to monitor the officer’s own performance or working hours, as there are less intrusive ways to achieve this.

Since the cameras will capture personal information about the wearers as well as the general public, both should be adequately notified about what information will be collected and what will be done with it.

Developing a user guide for officers will help ensure that they are aware when the camera needs to operate, and how to use the cameras appropriately.

I’m not going to run through every possible scenario now, but, for example, if an abusive situation arises, the guide might state that officer should tell people that they are being filmed and that the recording may be used as evidence.

Other matters to consider include how audio/visual material will be stored securely, and how long it will be retained.

How such material is used once captured will also need careful

thought; for example, if images or audio are shared with the public for the purposes of identifying someone, other persons in the image should be obscured.

Some of these are matters or questions that come with significant resourcing implications – privacy issues are of course only some of the matters that will need to be considered.

Conclusion

I want to acknowledge something that is a day-to-day reality for the members of the Police Association: we all live in what has become an increasingly fractious and fractured world.

And it’s a world where personal data – including visual and audio data - has significant value - and that is seeing governments and businesses reach for solutions that have both known and unknown consequences for privacy.

At the same time, privacy regulators and human rights advocates are, in their own way, and under their own legislation, working to maintain our civil and political rights.

As we all go about our respective roles, let us all please remember that our ability as citizens to make our own decisions as to what we want to keep private – to exercise our own agency – gives us the space and freedom to

exercise our other civil and political rights:

• the reasons behind why our voting is by secret ballot,

• what we decide to share about ourselves when seeking a rental property or a job,

• the views we express to only those we trust to share them with,

• the groups or causes we belong to,

• and so it goes on.

If our citizens lose their own agency over their personal information, they risk losing more than that. The right to privacy, and living in a free and democratic society, are precious taonga.

It is for this reason that I am absolutely focused on the need to re-frame the language of privacy, and protecting and respecting personal information, in New Zealand.

We need to break what I call the false dichotomy narrative … that we live in a world of either/or … that you can either have public safety, or privacy … that you can either have law and order, or maintain a right to privacy … that you can either have technological innovation, or privacy … that you can either embrace AI within your organisation, or protect and respect personal information.

In the language we use … in addressing complex public policy problems … in developing new operational strategies, we need to own and communicate that it’s not an either/or – but that it’s an “and”, or a “while”.

It’s keeping people safe while protecting individuals’ privacy rights.

It’s implementing new technology, while giving people confidence it’s being done fairly and in a manner that protects and respects privacy.

It’s rolling out data collection initiatives and ensuring personal information is kept safe and secure.

It’s doing privacy well.

As discussions on initiatives like body-worn cameras progress, my Office will be focused on ensuring that New Zealanders can have trust and confidence in the way their personal information is collected, stored, used and shared … for the benefit of all.

2026: The year cybercrime becomes fully industrialised

Trend Micro’s annual Security Predictions Report for 2026 warns that the coming year will mark the true industrialisation of cybercrime.

According to the report, artificial intelligence (AI) and automation are now enabling threat actors to run entire campaigns autonomously, from reconnaissance to extortion, creating unprecedented speed, scale, and complexity for enterprise defenders.

“2026 will be remembered as the year cybercrime stopped being a service industry and became a fully automated one,” said Ryan Flores, Lead of ForwardLooking Threat Research at Trend Micro.

“We are entering an era where AI agents will discover, exploit, and monetise weaknesses without human input. The challenge for defenders is no longer simply detecting attacks, it’s keeping pace with the machine-driven tempo of threats.”

The report, The AI-fication of Cyberthreats - Trend Micro Security Predictions for 2026 , highlights how generative AI and agentic systems are transforming the economics of cybercrime.

Autonomous intrusion campaigns that adapt in real time, polymorphic malware that constantly rewrites its own code, and deepfake-driven social engineering will be standard tools for attackers. The same automation also threatens to flood businesses with synthetic code, poisoned AI models, and flawed modules hidden inside legitimate workflows, blurring the line between innovation and exploitation.

Hybrid cloud environments, software supply chains, and AI infrastructures are expected to be the primary targets in 2026.

Poisoned open-source packages, malicious container images, and overprivileged cloud identities will become common attack vectors, while statesponsored groups will increasingly turn to ‘harvest-now, decrypt-later’ strategies to future-proof espionage against the advance of quantum computing.

Ransomware is evolving into an AI-powered ecosystem capable of managing itself, e.g. identifying victims, exploiting weaknesses, and even negotiating with targets via automated ‘extortion bots’. Trend Micro’s threat researchers expect these campaigns to become faster, harder to trace, and more persistent, driven by data rather than encryption alone.

Trend Micro suggests organisations move from reactive defence to proactive resilience by embedding security across every layer of AI adoption, cloud operations, and supply chain management. Those that integrate

ethical AI use, adaptive defence, and human oversight will be the best positioned to succeed in the future.

Trend Micro’s 2026 predictions outline a path forward based on visibility, automation with human validation, and a cultural shift that treats security as strategic infrastructure. Those who innovate securely, by balancing speed with governance and intelligence with ethics, will set the standard for trust and resilience in an increasingly autonomous world.

Trend Micro protects more than 500,000 enterprises and millions of individuals across clouds, networks, endpoints, and devices worldwide. Its Trend Vision One AI-powered enterprise cybersecurity platform centralises cyber risk exposure management and security operations, delivering layered protection across on-premises, hybrid, and multi-cloud environments.

GSX 2025 attracts delegates from 95 countries

Global Security Exchange (GSX) 2025 has concluded in New Orleans. Presented by ASIS International, GSX attracted nearly 15,000 registrants from 95 countries.

As ASIS International marked its 70th anniversary, its 2025 President, Joe Olivarez, Jr. shared that we stand at pivotal moment where the security profession has never been more critical, more visible, or more influential in shaping the world’s security landscape.

“The security profession has evolved from being primarily operational to increasingly strategic, with professionals now gaining more visibility in executive-level discussions and broader executive roles,” stated Olivarez. “Today’s security leaders don’t just respond to threats, we anticipate them, and drive organizational resilience through them.”

Ian Bremmer, President and Founder, Eurasia Group, kicked off the first day’s programming with a keynote session on how the world has entered a period of heightened tensions and market volatility. His presentation, titled ‘The New Abnormal: Who are the Winners and Losers in a G-Zero World?’ discussed the current and unprecedented environment in which conventional wisdom no longer holds.

“China is rising and the Global South in general is becoming economically more powerful, more populous, more dynamic, and more interesting technology companies

New Orleans played host to the annual three-day event where international insecurity and artificial intelligence were major themes among the keynotes and over 200 education sessions.

coming out of those places,” Bremmer remarked. “But the United States is not declining, not at all.”

In an AI-focussed session, Top 100 AI author and former Amazon and Fortune 100 C-Suite Executive Sol Rashidi recounted the original intention for AI from when she was a key driver helping to launch IBM’s Watson.

“We never built Watson to replace people,” said Rashidi. “We built it to amplify us.

“AI was never meant to replace and erode our ability to think critically, independently, and autonomously. It was meant to accelerate. It was meant to facilitate, and we are forgetting those foundational principles.”

A keynote presentation by General Paul M. Nakasone (ret.), ‘Lasting Leadership Lessons from the World’s Second Oldest Profession’, focused on leadership during transition, both societal and technological and the evolving threat landscape.

GSX 2026 from Georgia.

“We have a number of nations that are operating adversely in cyberspace (i.e., China, Russia, North Korea and Iran),” noted the former U.S. Cyber Command leader and National Security Agency (NSA) head.

“We also have a convergence between physical and cyber security, and are witnessing the most disruptive technology of our time in artificial intelligence.”

2026 has been strong, with 89% of exhibit floor space already committed through advance booth selection.

According to Company, the official destination sales and marketing organisation for New Orleans’ tourism industry, generated an estimated $11 million in economic impact for the city of New Orleans.

Risky Business: The 2025 New Generation of Risk Report

The annual report by Riskonnect paints a stark picture in relation to state sponsored cyber threats, agentic AI threat preparedness, and supply chain risk.

According to Riskonnect’s latest annual risk report, political uncertainty is climbing, geopolitical shocks and cyberattacks are impacting on businesses, economic uncertainty persists, and AI is advancing faster than governance can keep up.

“Agentic AI – the latest wave of AI technology – is already here,” states the report, “yet many companies are still wrapping their heads around generative AI and its risks three years into the technology hitting the mass market.”

Combined, these dynamics are ushering in a high-stakes environment that requires faster, sharper, and more proactive risk management responses.

In compiling the 2025 New Generation of Risk Report , Riskonnect surveyed over 200 risk, compliance, and resilience professionals globally to identify the most pressing threats and organisations’ preparedness in relation to them.

The report reveals that while progress is being made in important areas, such as worst-case scenario planning, AI adoption, and building plans for geopolitical risk, critical gaps remain.

“The data paints a clear picture that risk management is increasingly viewed as a strategic business function,” states the report. “But it’s in a pivotal state of transition, and companies must invest decisively to realize its full potential and strengthen its impact.”

According to survey respondents, the biggest risks they foresee from deploying agentic AI are data privacy and security issues (68%), autonomous decisions that conflict with business goals, strategy, and/or legal requirements (52%), and unintended actions from runaway processes (38%), such as unauthorised transactions, incorrect pricing changes, or installing the wrong software update.

Only 12% of companies today say they feel very prepared to assess, manage, and recover from AI and AI governance risks, which is concerning given that many organisations are actively testing and adopting generative AI tools.

Organisations are still overlooking critical areas when it comes to AI oversight, states the report: 42% don’t have a policy in place to govern the use of AI by employees; 75% say they don’t have a dedicated plan to specifically address genAI risks, including deepfakes and AIdriven fraud attacks; and only 23% have a policy against using foreign AI models such as Deepseek.

Nevertheless, 32% of companies claim that they have trained or briefed

their entire organisation on risks related to genAI, which is up from 19% in 2024 and 17% in 2023. But clear policies and controls are missing. 26% of respondents report having no policies, formal training, budgets, or dedicated plans to address AI risks.

Critical third-party exposures persist

Companies remain dangerously vulnerable to third-party and nth-party risks, states the report, but many risk leaders appear to be underestimating the exposure.

85% of those surveyed say they have a business continuity and resilience plan in place to keep their organisation operating in the event of a major IT outage or cyber incident at one of their business-critical service providers.

“But upon a deeper look, the data shows a fundamental weakness: Their ability to assess and monitor supplier risks stops at their immediate suppliers, leaving hidden vulnerabilities buried deeper in the digital supply chain.”

Specifically, 45% of risk leaders say they can only assess and monitor their tier 1 tech partners; 8% say they

can assess and monitor their tier 1 partners, their suppliers, and their suppliers’ suppliers; and 16% admit they can’t monitor and assess the risks of their critical third-party tech partners at all.

“That last number is especially concerning, particularly for large enterprises,” states Riskonnect. “Every company needs to at least be able to assess and monitor their immediate tier 1 partners. In an environment where hackers often exploit third parties, this lack of visibility isn’t just risky, it’s reckless.

“While companies might have business continuity and resilience plans on paper, in practice they are relying on an incomplete picture and assumptions about third-party reliability.”

This leaves organisations vulnerable to disruptions throughout the entirety of their supply chain, and it hampers their response and recovery efforts when incidents occur.

“30% say third-party and nth-party risks aren’t having an impact or are just having a minimal impact on their business – evidence that many still underestimate the danger.”

Latest updates in Milestone XProtect 2025 R3 announced

Updates announced in late October to Milestone’s XProtect 2025 R3 and the Arcules platform designed to strengthen security operations and simplify system management.

The latest releases for XProtect VMS and Arcules VSaaS aim to address practical challenges facing security professionals by making surveillance systems more intelligent, accessible, and easier to manage while maintaining open-platform flexibility.

XProtect Remote Manager introduces new comprehensive monitoring and management capabilities that enable security teams to maintain system health and respond to issues before they impact operations, eliminating time-consuming site visits.

Remote management, along with improved monitoring of recording servers, will enable administrators to detect and resolve critical issues, such as full databases or server health problems, without local access.

Event-based notifications will keep teams informed via customised email alerts when cameras, servers, or other components experience status changes. This can potentially lead to faster response times across cameras, recording servers, hosts, sites, services, devices, and camera components.

Video permissions control will provide granular management of video feed visibility, allowing site owners to define precisely who can view specific cameras, lowering the risk of unauthorised access risks.

Another key feature is the new Role-based Access Control Permissions for access control systems, which allows administrators to restrict the visibility and operation of access control units based on user roles directly within XProtect.

By eliminating separate logins for third-party access control systems, this

integration creates a unified interface for managing integrated security solutions.

The Arcules cloud platform receives substantial new enhancements designed to accelerate investigations, improve detection accuracy, and increase deployment flexibility for cloud-based surveillance operations.

New Multi-Camera Forensic Video Search enables security professionals to analyse footage across multiple cameras simultaneously in a unified interface. Teams can quickly trace movements and reconstruct events with complete multi-angle perspectives, providing a force multiplier for scenarios such as campus safety, emergency response, and traffic monitoring.

Dual-Layer Motion Detection reduces the risk of missed events by combining Arcules video analytics with on-camera motion detection algorithms. This approach ensures

critical motion events are captured, with recordings stored in the cloud or on edge gateways. The feature works with ONVIF M and T cameras across both cloud and edge gateway deployments.

New Extended Camera-to-Cloud Compatibility expands support to devices with limited internal memory, making cloud video surveillance accessible to even more deployments. Organisations can deploy costeffective cameras while maintaining full cloud capabilities and deployment flexibility.

External Case Sharing enables secure, time-limited sharing of video evidence with law enforcement, legal teams, and third-party investigators. External recipients can access shared Cases through secure links without an Arcules account, with access automatically expiring based on set permissions.