28th May 2025

12:00PM - 2:00PM

The Northern Club, Wintergarden

- VIP LUNCH EVENT

Cybersecurity Governance:

A Director & CXO’s approach to building resilience

Cybersecurity is a critical topic that demands regular and structured attention on the board’s agenda. It is no longer an issue to be addressed only during crises. Boards must prioritise building cyber competency and access to external expertise.

Tailored for Directors and CXOs, this event explored strategic approaches to fortifying your organisation against ever-evolving cybersecurity threats.

The 2024 New Zealand IoD Director Sentiment Survey revealed:

45.2% of Boards don’t receive comprehensive reporting about cyber risk.
However, only 62.2% express confidence in their organisation's capacity to respond to cyberattacks—a concerning gap.
Additionally, 17.9% of boards oversaw a cyberattack in the past 12 months, underscoring the need for deeper engagement and robust oversight.

As cybersecurity threats grow increasingly sophisticated, New Zealand businesses must prepare for potential regulatory changes influenced by Australia’s evolving standards. These changes will have a significant impact, especially for sectors handling sensitive data, such as healthcare and financial services.

Our speakers:

Panellist

Murray Strong
Independent Chairman & Director, Speaker, Board Member
Murray Strong is a highly experienced Chair and Board member, having served on 23 Boards, with 18 as Chairman.

His extensive governance portfolio spans companies, Crown entities, large infrastructure projects, digital transformation initiatives, and statutory interventions.

Murray has held continuous chairing roles since 2001, serving on sub-committees including Finance, Audit & Risk, Capital Investment, and Transformation, demonstrating his commitment to robust leadership and governance.

Panellist

Dame Dr Karen Poutasi
Independent Director
Dame Karen Poutasi is a seasoned leader with a distinguished career in public service. She currently serves as a Director at RHCNZ, New Zealand’s premier private radiology provider, and as Chairperson of Kāpuhipuhi Wellington Uni-Professional, where she leverages her extensive experience to oversee the organisation's governance.

Previously, Dame Karen was the Director-General of Health and Chief Executive of the New Zealand Qualifications Authority From Dame Karen contributed extensively to the health sector as a board member and later Chairperson of Health New Zealand, and also chaired Taumata Arowai – the Water Services Regulator during the same period.

Panellist

Gordon Armstrong
CEO, Auckland Eye
Gordon Armstrong is the CEO of Auckland Eye, the leading eye care specialist group in New Zealand. With deep expertise in organisational transformation, Gordon has an impressive track record in strategic vision implementation, business development, and establishing joint ventures and diversified services. His collaborative approach and professionalism make him a key voice in operational excellence. He has held CEO roles in private healthcare for 17 years.

Moderator

Mathew Jose
CISO, CodeBlue
Mathew Jose is an accomplished information security professional with over 15 years of experience in various IT roles. As the Chief Information Security Officer (CISO) at CodeBlue NZ, Mathew focuses on governance, risk management, compliance (GRC), and security operations. He is dedicated to developing innovative cybersecurity products and services that simplify complex security concepts and enable businesses to thrive.

Before joining CodeBlue, Mathew held key positions such as Privacy Officer and Information Security Officer at Qrious Limited, and Chief Cyber Security Officer at CyberSecure 360.

Mathew holds a Master of Science (MS) degree in Computer Science from The University of Waikato. He is also certified in GSLC from GIAC.

Mathew believes in the power of cybersecurity as a business enabler and is committed to fostering a secure and resilient digital environment.

Key points:

The implications of Australian cybersecurity regulations on New Zealand’s businesses, along with strategies to mitigate directors’ liabilities.

Sector-specific impacts on healthcare and financial services, including the adoption of stricter frameworks such as HISF¹ and NCSC², and evolving practices for safeguarding sensitive information.

Integrating cybersecurity into organisational risk management—a step akin to health and safety standards—with tangible benefits such as reduced cyber insurance premiums over time.

¹ The Health Information Security Framework (HISF) in New Zealand

² New Zealand’s National Cyber Security Centre (NCSC) Cyber Security Framework