New Zealand Security Magazine

Why NZ’s retail crime statistics rose so sharply… and then declined

NZ’s health data hack needs a proper diagnosis – and a transparent treatment plan

Navigating the Evolving Threat Landscape: Physical security risks

High risk scam targeting communities in Tonga and New Zealand ...........................................................................

Companies fined after apprentice falls from height installing CCTV

Gallagher’s 2026 Industry Trends Report identifies opportunities ...........................................................................

Two PAK’nSAVE stores found in breach of Privacy Act ..............................................................................................

Good security is good for the nation: Takeaways from Sweden’s crisis and war preparedness framework

Weaponised Loneliness: How isolation has become a global security threat

Opinion: The Bondi beach attack and the illusion of security ....................................................................................

A Professional Industry: NZSA reviews findings of PSPLA and PSSG report .........................................................

New Zealand OSPAs open for nominations ...................................................................................................................

NZSA CEO’s January Report

New government plan to tackle organised crime

Doomsday Clock moves closer to midnight as global existential threats worsen .................................................. ‘Deepfake abuse is abuse,’ UNICEF warns .....................................................................................................................

Robot dog security patrol solution deployed in Singapore .........................................................................................

NZ S M

Nick Dynon Chief Editor

Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security.

Prior to NZSM he clocked up over 20 years experience in various border security and military roles.

Contact Details:

Chief Editor, Nick Dynon

Phone : + 64 (0) 223 663 691

Email: nick@defsec.net.nz

Publisher, Craig Flint

Phone: + 64 (0)274 597 621

Email: craig@defsec.net.nz

Postal and delivery address: 27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand

Kia ora and welcome to the February-March 2026 issue of New Zealand Security Magazine, our first issue for the year! On behalf of the team at NZSM and Defsec, I hope your 2026 is prosperous, happy, and safe.

As always, a very big thanks to our wonderful advertisers. Our advertisers are businesses that are committed to our industry. Through their sponsorship of this magazine they play an important role in contributing to a vibrant and informed security sector.

In this issue of NZSM, there’s a little something for everyone. But first, a very big congratulations to Shaun Laifone and Ruth Tongotongo who recently won 2025 Global OSPAs in the categories of Outstanding Security Officer and Outstanding Young Security Professional respectively. Shaun and Ruth are the first-ever New Zealanders to claim gongs in the global awards, and they have done our industry immensely proud.

In an article focused on the vexed issue of New Zealand’s retail crime statistics, I ask whether our much commentated upon post-COVID retail crime hike is actually real or not. It’s a provocative question, I know, but my concern is that the numbers don’t quite add up yet big decisions are being made by government and retailers off the back of them. Are these decisions being made on the basis of flawed data?

We are joined again in this issue of NZSM by Massey University’s Dr John Battersby , who considers some of the intelligence aspects of the tragic Bondi Beach attack. Flagging a potential terrorist is no easy feat, he writes, and accurately divining a person’s future intentions is a devilishly difficult undertaking to pull off.

On the associations front, we feature NZSA CEO Gary Morrison’s most recent newsletter and we highlight a recent NZSA update about pre-employment training modules, NZSA corporate member self-audits, new apprenticeship pathway, and more.

Also inside, the New Zealand OSPAs open for nominations, the NZSA breaks down the findings of the recently published PSPLA-PSSG annual report, isolation and loneliness becomes a global security threat, Sweden says good security is good for the nation, and a cyber treatment plan is recommended for NZ’s digital health systems.

If you haven’t already, consider subscribing to our regular eNewsletter THE BRIEF . It’s a great way to keep up to date with the latest. If you’re not already an NZSM subscriber, make sure you visit www.defsec.net.nz to sign up!

Keep safe. Nicholas Dynon, Auckland

Disclaimer:

The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use.

Upcoming Issue

April/May 2026

Government, Transport, Tourism, Access Management, IT security threats

Social Media

linkedin.com/company/ defsec-media-limited

The Summit Shaping NZ’s Cybersecurity Landscape

National Policy, Strategy

Gain C-level cyber risk leadership and resilience. Real-World Threats, Real Solutions

Explore AI attacks, live-breach lessons, identityfirst & zero-trust. Peer Insight, Valuable Connections

High-value networking with 400+ delegates Join roundtables.

Headline sponsor

Why NZ’s retail crime statistics rose so sharply… and then declined

Did New Zealand’s post-COVID retail crime wave actually happen, asks Nicholas Dynon, or was it just a statistical error?

Nicholas Dynon is chief editor of NZSM, and a widely published commentator on New Zealand’s defence, national security and private security sectors.

Over the past few years, retail crime statistics in New Zealand have demonstrated a dramatic and sustained increase. Headlines, political debate, and frontline experience have reinforced a sense that retail environments have become materially more dangerous.

Almost as soon as New Zealanders emerged from their bubbles in the wake of COVID-19 lockdowns, ram raids and smash and grabs became news staples. Culprits – from a weak on crime justice system to student truancy – were identified, and political leaders rushed to implement fixes to balm an aghast electorate.

In addition to official statistics published by NZ Police and the Ministry of Justice, a range of stakeholders have released their own surveys and metrics supporting the notion that retail crime –and particularly harassment and violence against retail workers – was experiencing unprecedented increase.

According to Retail NZ, for example, 99% of respondents they surveyed had experienced some form of retail crime or nuisance behaviour in the year to 30 June 2024 – compared to 81% in 2017. Supermarket cooperative Foodstuffs North Island’s metrics claimed serious incidents in their stores had increased 246% from 2020 to November 2022. The 2022 ANZ Retail Crime Study found that violence and abuse experienced by retail staff was at

record levels, with supermarkets and department stores bearing the brunt of the increased abuse.

The proliferating corpus of retail crime statistics has become an evidentiary bedrock from which stakeholders – retailers, security technology providers, lobby groups, law enforcement and political parties – have anchored their policy positions, public relations, funding allocations, enforcement priorities, and influencing activities. They have become a scorecard against which government hardness/ softness on crime is measured, and the basis for a prevailing post-COVID moral panic.

Ultimately, retail crime statistics provide a key justification for the securitisation of the retail space and the making of security-focused decisions, such as the deployment of intrusive security technologies and the enactment of reactive legislation, that may profoundly change the future of how we experience our world as consumers.

But, what if these statistics have been wrong?

Statistics: General vs retail crime

A little over five years ago, New Zealand’s official crime statistics took an apparent turn for the worse. After several years of stability, the nation’s ‘resting’ crime rate was disrupted by a significant upswing. We had entered a new period of lawlessness.

According to NZ Police Victimisation Time & Place datasets ,

general crime rates started a rapid climb during late 2019 following several years of relative stability. After a brief artificial trough created by the initial 2020 lockdown, the national rate reached an historical peak in March 2023.

In terms of the crime types publicly reported in Victimisation Time & Place, this meant a jump from late 2019 to March 2023 from a typical profile of no more than 23,000 victimisations per month to a high of just under 35,000 – an increase of around 66%. After March 2023, the rate stabilised and then fell, hitting a low of 27,240 victimisations in June 2025 before edging up slightly since.

National retail crime rates also jumped over this period – and also after many years of stability. But the retail crime jump was by comparison much, much bigger.

The rate of victimisations occuring in retail locations started its climb in mid-2019, continuing to an historical high of 9,695 in January 2025 – a three-fold increase following many years of 3,000 victimisations per month. From the January 2025 high, retail crime has plummeted over the past year, recording 7,106 victimisations last November… still well over double the pre-COVID rate.

Interestingly, when we run the victimisation stats for the same period but with retail location categories removed, we find that from a stable rate of around 20,000 victimisations per month prior to late 2019, the rate climbed to a high of 27,643 in January 2023 – a comparatively modest increase of around 28%.

It’s fallen since, with the last few months of 2025 registering an average of around 20,000. In other words, the number of victimisations occuring in New Zealand in non-retail spaces have – for the past few months at least –returned to pre-COVID rates.

What does all this mean? Why did retail crime rates increase so dramatically over the post-COVID period compared to non-retail crime? How come retail crime has fallen since January 2025? Are we seeing a potential return to New Zealand’s pre-COVID ‘resting’ crime rate? What’s driving the statistics, and what level of confidence can we have in them?

I’m particularly interested in the question of why retail crime rates appear to have increased so dramatically over the period compared to non-retail crime. It seems strange to me that a society would exercise significantly greater levels of criminality in retail spaces than in other settings, such as public spaces or the home, unless there were specific drivers for it. And why – if this is the case – has it happened only since 2019?

To explore this question, I considered three potential explanations:

1. Underlying economic conditions

2. Policy and response measures

3. Changing reporting practices

Underlying economic conditions

Researchers, including eminent American criminologist Richard Rosenfeld and American Enterprise Institute Senior Fellow Brent Orrell , have established that inflation is the most powerful economic predictor of crime. ie, historically, periods of low inflation produce relatively low crime rates while periods of high inflation produce relatively high crime rates.

The authors of a study published in 2007 by the journal Global Crime, which examined the relationship between crime and inflation and unemployment in the United States from 1960 to 2005, came to a similar conclusion.

“Crime rates rise as the inflation rate rises,” they wrote. “Because of the lag between price and wage adjustments, inflation lowers the real income of low-skilled labor, but rewards property criminals due to the rising demand and subsequent high profits in the illegal market.”

In other words as rising inflation erodes consumers’ purchasing power, this causes them to ‘trade down’, or buy cheaper. Those who are already buying the cheapest goods are inevitably faced with the prospect of having to turn –knowingly or unknowingly – to markets in stolen goods, and this increased demand in the shadow economy incentivises criminals to create supply.

Above figure: NZ Police Victimisation Time & Place data 2014 -2025.

Above figure: NZ Police Victimisation Time & Place data 2014 -2025. Retail location categories only.

Above figure: NZ Police Victimisation Time & Place data 2014 -2025. Retail location categories removed.

In New Zealand’s case, after 30 years of inflation of between one and two percent, the CPI jumped to 3.30% in Q2 2021, hitting a historic high of 7.3% in Q2 2022. It had dropped to 2.2% by Q3 2024, rising slightly to 3.1% by December 2025.

Unlike the CPI, which measures inflation for the country as a whole, the Household Living-costs Price Index (HLPI) is a measure of inflation relevant to household spending. Because it includes interest payments (mortgage, credit cards) it’s a more accurate reflection of actual household outgoings.

The CPI hike of 2021-2022 had prompted the Reserve Bank of New Zealand (RBNZ) to hike the official interest rate (OCR) between 2022 and 2023 to combat inflation. With households paying higher mortgage rates, rents, and insurance premiums, the consequent negative real wage growth eroded household purchasing power.

Above figure: New Zealand HLPI rate 2014-2025.

After years of sitting below two percent, New Zealand’s HLPI jumped to 5.1% in 2021, peaking at 8.2% in 2022 –and outstripping the CPI.

Echoing the international research mentioned above, the below table (covering the period March 2020 to December 2023) indicates a potentially strong correlation between a high HLPI in New Zealand and property crime rates.

Utilising this ‘underlying economic conditions’ approach to explain New Zealand’s post-COVID retail crime trajectory places the blame for the crime surge squarely on the widely documented 2023-24 cost of living crisis. A decreasing HLPI also provides an explanation for the more recent fall in retail crime.

Of course, this approach – validated by peer-reviewed criminological research and reinforced by official victimisation and economic data may not necessarily provide the only explanation for what’s been going on, as Retail NZ Chief Executive Carolyn Young suggests in a mid-2025 media release:

“Although the cost of living crisis is often being blamed for the increase in retail crime, retailers confirm that the majority of offenders shoplift goods that are clearly unrelated to their daily basic needs,” stated Ms Young. “Sometimes they are shoplifting to order, sometimes to support their addictions or to gain notoriety on social media.”

Yet these alternate explanations don’t necessarily negate the validity of inflation as the driver. Ultimately, shoplifting to order, supporting addictions and gaining social media notoriety are all behaviours for which the economic conditions resulting in household unaffordability can be either a driver or contributor.

Policy and response measures

Another potential approach to explaining recent retail crime trends is to consider them through the lens of policy and response measures, specifically the various ways in which retailers, government, law enforcement, and the private security sector have sought to address retail crime.

A problem with this approach is the possibility that these varied parties may tend naturally to focus on the claimed efficacy of their own contribution to addressing crime. In the political sphere this also includes rubbishing an opponent’s track record on crime and justice.

Having come to power at the October 2023 election, the National Party-led coalition government have implemented a ‘law and order reset’ aimed at systemic changes to policing, sentencing, youth justice, and gang disruption, as well as a number of retail crime-focused measures, such as the Retail Crime Prevention Program and the controversy-plagued Ministerial Advisory Group for Victims of Retail Crime.

When the New Zealand Crime and Victims Survey was published late last year, the Justice and Police Ministers were quick to attribute falling serious crime figures to their deployment of more beat police and implementation of tougher laws.

“We announced nine targets in March last year, which included ensuring there are 20,000 fewer victims of serious violent crime by 2029, equating to 165,000 victims,” said Justice Minister Paul Goldsmith. “The latest New Zealand Crime and Victims Survey shows there were 156,000 victims of serious violent crime in the 12 months to May. That’s 29,000 fewer than when we came into government”.

“We know our plan to restore law and order is working and we make no apologies for getting tough on crime,” he continued. “We’ve given police and the courts more tools to go after gangs, we’ve put a stop to public funding of background reports, we’ve toughened up our sentencing laws, and reinstated the Three Strikes legislation.”

Retail crime intelligence company Auror also recently weighed in on the improved retail crime figures. The

Auckland-headquartered company, which provides crime reporting software used by the retailers in New Zealand and internationally released its own statistics showing that violent events had trended down for January to October 2025 compared to the same period in 2024.

According to Auror, the use of weapons fell by 12%, nationally while violent events dropped by 6%, and threatening events by 5%.

“The figures demonstrate significant progress by retailers and police in getting on top of this issue, compared to the data from retailers overseas,” stated the announcement.

Auror co-founder and CEO Phil Thomson linked the crime drop to technology use, suggesting that the use of technology by retailers, government and police in New Zealand to tackle retail crime is a “lesson for the rest of the world”.

“There is no substitute for the incredible work police do in our communities, or the work retailers do to keep us all safe when we shop, but through technology and strong collaboration, we can help them be as effective and efficient as possible, and drive these rates down further,” he said.

Another technology that is being given credit for putting a dent in retail crime figures is live facial recognition technology (FRT). According to a June 2025 media release, Foodstuffs North Island (FSNI) claimed that its six-month, 25-store live FRT trial “prevented more than 100 serious harm incidents, including assaults, with a 16% reduction in harm being demonstrated.”

These results were reiterated in Retail NZ’s survey-based COMS Retail Crime Report 2024 , which itself was produced in conjunction with COMS Systems, the provider of a facial recognition system specifically designed for the retail sector. FRT, states the report, “is a powerful tool to help keep retail staff safe at work and to reduce crime.”

Image featured on Bunnings New Zealand website.

Prime Minister Luxon speaking at Auror event. Image: Auror.

While such crime and harm reduction claims are impressive, they are open to being assessed as subjective given that (i) they are being made by parties with a vested interest in having their specific contributions to reducing retail crime recognised, and (ii) they tend not to have been substantiated by independent, rigorous, peer-reviewed analysis.

Changing reporting practices

An alternative approach to the previous two discussed is to consider the role that disparate and changeable reporting practices may have played in contributing to rises and falls in retail crime statistics.

It is widely accepted that much retail crime has tends to go unrecorded, with low-value theft, verbal abuse, intimidation, and repeat nuisance offending often absorbed as a cost of doing business.

Retail NZ’s COMS Retail Crime Report 2024 argues that the actual level of retail crime in New Zealand is “much higher than official statistics show”. Only 61% of retail crimes were reported to Police, stated the retailers’ group, with not often reporting thefts of low value items.

“Although Police data for the period shows a decrease in rates of reported crime,” states the report, “our survey found that this may be partly because Police do not hear about many crimes unless they are serious and/or involve physical violence.”

Alarmingly, Retail NZ’s report claims that only 60% of aggressive behaviour incidents, 54% of criminal damage incidents, and 65% of robberies were reported to police. 96% of incidents involving physical violence / assault were reported.

Retail NZ has actively encouraged retailers to report all incidents to police, regardless of the scale of the offending. Technology has made this easier.

Online tools such as those provided by Auror have lowered the threshold for recording and sharing incidents, and they’ve done this largely by lowering the friction involved in logging and sharing retail incidents.

Armed with these platforms, store staff can log an incident in minutes via web or mobile, they can save time with pre-built templates and standardised data fields, and they can upload still images or video files. Less friction means lower-order incidents like low-value theft, verbal abuse and suspicious behaviour are more likely to be reported than previously.

A sharp increase in recorded incidents is the inevitable result of sector-wide calls to action around increased reporting and the availability of new technologies to facilitate it. Incidents haven’t suddenly proliferated, but the recording of them has.

According to a December 2023 article in The Post, NZ Police stated that the platform was partially the reason for a rise in retail crime statistics.

This begs the question, did New Zealand’s infamous post-COVID retail crime surge actually happen? Did it happen to the extent that the statistics tell us it did? Or was the crime there all along, but just invisible to official reporting.

Technology-enabled changes to reporting practices make longitudinal analysis of New Zealand’s retail crime statistics, such as changes to crime rates over time, inherently risky. Using this incoherent data may well risk poor policy outcomes, misplaced security investments, deployment of inappropriate technologies, and unrealistic expectations.

Sir Arthur Conan Doyle is quoted as having remarked “It is a capital mistake to theorise before one has data.” I’d add that it would also be a mistake to do so with data as problematic as New Zealand’s retail crime statistics.

Conclusion

So, to what do we attribute New Zealand’s post-COVID retail crime bubble? Underlying economic conditions, policies and response measures, or changing reporting practices?

There is strong evidence supporting the notion that the underlying post-COVID economic conditions of historically high inflation and low household affordability likely played a part in increasing property-related retail crime between 2021 and 2024 (inclusive).

It is possible that government-led initiatives and new technologies, along with other measures, may have contributed to a reigning in of retail crime, but this has not been objectively verified.

It is evident that retail crime reporting has dramatically increased in response to calls within the retail sector for increased reporting coupled with the widespread adoption of enabling reporting technologies. These changes to how retail crime is reported means that we need to treat recent years’ retail crime statistics with a high degree of scepticism. We should not for example, rely on official metrics to compare current retail crime rates with previous years.

In short, retail crime has not increased since 2019 to the extent to which the statistics tell us. Without appropriate explainers, the statistics are profoundly misleading, and using them to inform responses to retail crime will likely prove profoundly misguided.

unbreakable universal mounting

•Low power consumption - low operating temperature

•One product suits floor and wall mounting

•Universal armature - offsets to 55º to suit doors opening past 90º • Wall mount extensions available •12 & 24 VDC selectable • Push off button with no residual magnetism • Oversize armature for easy alignment • Emergency release button

•Electroless nickel plated armature and electromagnet

•Stainless fastenings • Full local support and back up

10 YEAR GUARANTEE*

Designed, tested and produced in New Zealand to AS4178

B)Wall

Surface and Recess mounting

This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting.

NZ’s health data hack needs a proper diagnosis – and a transparent treatment plan

Victoria University of Wellington Research Fellow Dr Dylan Mordaunt writes that preventing a repeat of the MMH breach requires controls that operate at system level and can be independently audited.

Dylan A Mordaunt is a Research Fellow in the Faculty of Education, Health, and Psychological Sciences, Te Herenga Waka — Victoria University of Wellington.

Two cyber hacks have highlighted the vulnerability of New Zealand’s digital health systems – and the vast volumes of patient data we rely on them to protect.

Following the hacking of Manage My Health – compromising the records of about 127,000 patients – and an earlier breach at Canopy Health , a concerned public is asking how this happened and who is to blame.

The most urgent question, however, is whether it can happen again.

What we know so far

Manage My Health (MMH) – a patient portal used by many general practices to share test results, prescriptions and messages – published its first public notice about a cyber security incident on New Year’s Day.

According to the company, it became aware of unauthorised access on December 30, after being alerted by a partner. It says it immediately engaged independent cyber security

specialists and that the compromise was limited to its “Health Documents / My Health Documents” module.

The Office of the Privacy Commissioner confirmed it was notified on January 1 and later published guidance for those affected. The National Cyber Security Centre also issued an incident notice.

MMH has since obtained urgent High Court injunctions that restrain the use or publication of data taken. In its decision, the court described activity patterns consistent with automation, including unusually high-frequency behaviour and repeated access attempts.

While this sheds some light on how the hacker operated, it does not establish which specific technical control failed – or where responsibility ultimately lies.

We have now also learned that a second provider, Canopy Health, experienced unauthorised access to parts of its administrative systems six months ago, with some patients only being notified this week.

Image: Manage My Health.

Why framing matters

When health data is stolen at scale, it might be tempting to frame it as “cyberterrorism”. That term, however, has a specific and contested meaning.

Security scholar Dorothy Denning’s widely-cited definition limits cyberterrorism to attacks intended to coerce or intimidate in pursuit of political goals, and which cause severe harm – not financially motivated intrusions or large-scale data theft alone. By that standard, the MMH incident does not clearly qualify. Why does the label matter? Because the way breaches are framed shapes the response.

Casting an incident as “cyberterror” can privilege speed over evidence, and dramatic reassurance over careful diagnosis. It can also encourage what critics describe as “security theatre”: visible but poorly targeted measures that look decisive without necessarily reducing risk.

Research on cyber-threat politics shows that threat narratives influence which problems receive funding, which solutions are prioritised and which questions are ultimately sidelined.

So far, the government’s response has centred on commissioning a review. In announcing it , Health Minister Simeon Brown framed MMH as a privately operated portal used by some general practices, and asked the Ministry of Health to review the response by MMH and Health New Zealand.

That approach makes sense from a stewardship perspective. But it also creates an immediate transparency problem.

If government agencies are part of the system response, a ministry-led review can look like “marking our own homework” unless the terms of reference and independence are explicit.

At minimum, the review needs a transparent method, a clear boundary between facts and assumptions and a public explanation of what evidence will be examined.

An obvious starting point is clarifying who holds the data and who is accountable. MMH’s privacy statement and terms of use outline how information is made available through the portal and the responsibilities of users.

But public sources do not fully set out the underlying hosting arrangements, the role of subcontractors, or how responsibility is allocated between different parties. Without a clear “data custody chain”, accountability becomes diffuse.

What real fixes look like

Offering advice to users – such as that around unique passwords, multi-factor authentication and phishing – may be important, but it is only the baseline.

Preventing a repeat of the MMH breach really depends on controls that operate at system level and can be independently audited.

First, portal operators should maintain a credible vulnerability-

disclosure programme that publicly sets out how security issues can be reported, responded to and tracked.

Second, independent testing must be anchored to explicit standards, not general assurances that a system has been externally checked.

Third, governance needs teeth. Procurement contracts should require proof that basic controls are in place, along with clear timelines for responding to incidents and preserving evidence.

A national framework can help here – and New Zealand’s health agencies already publish their own security frameworks .

Finally, communication should be treated as part of security. Clear, consistent notifications reduce confusion and with it the opportunity for scammers to impersonate security.

In the fallout of this debacle, what matters most now is seeing evidence of improvements across the system.

That means being able to see what was fixed and how it was verified, what will be tested next and by whom, and what will change across the wider health sector, not just within a single portal.

For people affected, the immediate priority is to follow official guidance and remain cautious about phishing or impersonation attempts. The government’s advice on Own Your Online is a sensible starting point.

This article was originally published in The Conversation on 14 January 2026.

Image: Manage My Health.

Navigating the Evolving Threat Landscape: Physical security risks

Mastering physical security risk management is about more than erecting barriers; it’s about cultivating foresight and adaptability, according to ICARAS Security Consultants.

In an increasingly unpredictable world, large organisations must grapple with a multifaceted array of physical security risks that threaten not only their operational integrity but also the well-being of their people and the sanctity of their assets. From the corporate hubs of Auckland to the industrial heartlands of Christchurch, these risks demand a proactive, nuanced approach to risk management.

Drawing inspiration from robust frameworks like New Zealand’s Protective Security Requirements (PSR) – which, while primarily geared towards government entities, offers timeless principles adaptable to the private sector – this article delves into the core elements of identifying and mitigating physical threats.

By fostering a culture of vigilance and strategic planning, businesses can transform potential vulnerabilities into fortified strengths, ensuring resilience in the face of adversity.

This exploration is not merely an academic exercise; it’s a call to action for leaders to embed physical security risk management into their organisational DNA. We’ll examine key threat categories, enriched with real-world insights and practical considerations, to help you craft a bespoke strategy that safeguards your

enterprise without the pitfalls of generic solutions.

Safeguarding People: Prioritising employee and stakeholder wellbeing

At the heart of any effective physical security strategy lies the protection of human lives – employees, clients, and visitors alike. In New Zealand, threats to personal safety often stem from workplace incidents such as violence, harassment, or theft, which can erode trust and productivity.

Private sector entities, much like their public counterparts under the PSR, benefit from personnel-focused measures that include thorough vetting processes, ongoing training in emergency protocols, and the

establishment of safe zones within facilities. By conducting regular drills and fostering an environment where staff feel empowered to report concerns, businesses can mitigate risks that might otherwise escalate into crises.

The key is a methodical assessment that links each protective step – from access badges to evacuation routes –directly to identified vulnerabilities, ensuring nothing is implemented in isolation.

Fortifying Assets: Defending tangible and intangible valuables

Large organisations often steward vast portfolios of assets, ranging from high-value inventory and specialised equipment to proprietary knowledge embedded in physical forms. Theft,

vandalism, or accidental damage from internal lapses or external intrusions can inflict substantial financial blows, disrupting supply chains and tarnishing reputations.

External threats, such as organised crime targeting warehouses in ports like Tauranga, highlight the need for layered physical defences: secure perimeters, surveillance systems, and inventory controls. Internally, risks from disgruntled employees or inadvertent errors necessitate policies that blend access restrictions with ethical training.

Adapting PSR-inspired principles, private firms can conduct comprehensive audits to map asset vulnerabilities, designing mitigations that are precise and proportionate.

For instance, installing reinforced storage for sensitive materials isn’t just about the hardware; it’s about a process that evaluates threat likelihood and impact, avoiding the trap of overengineered solutions that inflate costs without addressing root causes.

Confronting External Perils: Terrorism, unrest, and geopolitical tensions

New Zealand’s relative geographic isolation does not render us immune to global upheavals. Acts of terrorism, civil unrest, or politically motivated disruptions – though infrequent –can have profound repercussions for

organisations with high-profile sites or international ties.

The 2019 Christchurch mosque attacks serve as a sombre reminder of how such events can ripple through communities and businesses, necessitating heightened preparedness.

In this domain, crisis planning becomes paramount: developing incident response frameworks that include liaison with local authorities, secure communication channels, and contingency operations. Private sector adaptations of PSR guidelines emphasise risk intelligence gathering, such as monitoring regional tensions that might affect operations.

By subtly integrating consultancy expertise, organisations ensure that every countermeasure – from fortified entry points to rapid lockdown procedures – is tailored to specific scenarios, rather than relying on superficial evaluations that prioritise equipment sales over strategic depth.

Navigating Supply Chain Vulnerabilities: Ensuring operational continuity

In a nation reliant on imports and exports, supply chain disruptions pose a stealthy yet potent threat to physical security. Geopolitical frictions impacting trade routes can halt deliveries, strand assets, and expose facilities to secondary risks like looting during downtime.

Effective management here involves mapping dependencies, diversifying suppliers, and incorporating buffer stocks into physical planning. Drawing from PSR’s holistic approach, private enterprises can embed resilience through site assessments that consider not just immediate premises but extended networks. This might include secure warehousing partnerships or alternative routing protocols.

The underlying process – a rigorous, evidence-based methodology – ensures mitigations are not scattershot but deliberately aligned, steering clear of expedient reviews that gloss over complexities in favour of pushing unnecessary installations.

Building a Resilient Framework: From Identification to Implementation

The threat landscape for New Zealand organisations is dynamic, influenced by societal changes and economic pressures. Regular risk assessments, informed by frameworks like the PSR, enable private sector leaders to anticipate rather than react, weaving together protections for people, assets, and operations into a cohesive tapestry.

Engaging a specialised security risk management consultancy, such as ICARAS, can elevate this process by emphasising precision: every mitigation is meticulously designed to counter a pinpointed risk, transforming what might otherwise be a costly exercise into a value-driven investment.

This contrasts with less structured offerings that may overlook methodological rigour, potentially leading to inefficient expenditures on hardware without true alignment to threats.

In conclusion, mastering physical security risk management is about more than erecting barriers; it’s about cultivating foresight and adaptability. By embracing these principles, New Zealand’s large organisations can not only weather storms but thrive amidst them.

This is an abridged version of an article that was originally published on the ICARAS website.

High risk scam targeting communities in Tonga and New Zealand

The Financial Markets Authority (FMA) and the National Reserve Bank of Tonga are warning investors in Tonga and New Zealand about a Ponzi-style investment scam circulating in both countries.

The scam, known as BG Wealth/DSJ EX, is part of a wider Ponzi style investment scam known as TXEX, which uses multi-level marketing (MLM) type recruitment tactics.

The FMA’s warning currently lists 813 websites and 30 entities that have been linked to this investment scam.

FMA Executive Director of Licensing and Conduct Supervision, Clare Bolingford, says people are losing significant amounts of money to the scam, which is particularly prevalent in Tongan communities across New Zealand, Tonga, Australia and the United States.

“Together with the National Reserve Bank of Tonga we want to raise awareness of this scam and remind people – do not download the app, do not invest and don’t share it in your community networks.”

The scammers start by inviting people into investment groups on social media platforms including WhatsApp, Viber and Bon Chat. The groups are often led by a professor and his assistant, they promise 100 percent returns and encourage victims to recruit their friends and family into the scam.

Once in the group, victims are told to open a cryptocurrency exchange account and load it with funds from their bank. The scammers then tell

them to transfer their cryptocurrency into a so-called trading account on a fake app. The app contains malware, creating risk of further harm.

People are often unaware early into the scam as they can initially make a few trades, so the platform feels authentic. Early recruits are even able to make small withdrawals which builds trust and encourages them to recruit others. But when they try to withdraw their full funds, they are told they need to pay a fee to release the money. Even if they pay the fee, they will not get their money back.

As with other Ponzi schemes, once recruitment slows, all users are locked out of their accounts and the scammers disappear.

How the scam works

The scammer initiates the scam by setting up a series of groups in chat apps, such as WhatsApp, Viber or Bon Chat. The groups appear popular but are mostly filled with bots.

People can end up in these chats in a variety of ways. They may, for example, receive a phishing text message claiming to be from a financial institution, receive a spam group invite directly to the groups, or be invited by someone they know. The group is led by a person that may refer to themselves as a “mentor”, “coach” “professor”, “assistant” or “crypto adviser”.

The scammer typically promises 100% returns with “trading signals” shared at fixed times, twice a day,

Clare Bolingford. Image: FMA.

and users are encouraged to invite new recruits (often friends or family), receiving rewards for each person they recruit.

Users are then instructed to open an account at a cryptocurrency exchange and load it with funds from their bank account. They are then instructed to transfer this cryptocurrency into a socalled “trading account”.

The scammer will introduce the user to an investment platform which comes highly recommended. The platforms have gone to great lengths to appear authentic by gaining overseas licences.

The user will be able to use the investment platform to make a few trades, so they believe the platform is authentic and encouraged to invest more funds. But when the user asks to withdraw funds, they are told they must pay a significant fee to release the money. Even if these fees are paid, no money is returned.

Once recruitment slows the bubble pops, all users are locked out of their accounts and the scammers disappear.

Extreme caution

“We recommend extreme caution around this investment scam,” said National Reserve Bank of Tonga Governor Tatafu Moeaki.

“If you know family members, friends especially people in in Tongan communities both in Tongan and New Zealand already involved, please share our warnings with them immediately. This scam often promises fast and easy payouts but there are no guaranteed quick pay outs, only high risks of loss.”

“We encourage people to take extra care when making investment decisions and seeking out investment advice. Be very cautious if anyone or organisation offering investment opportunities through social media platforms. Report any suspicious activity without delay to the FMA or the Reserve Bank of Tonga”.

“By raising awareness of these scam methods and encouraging investors to stop and think carefully before making investment decisions that might be driven by a scam, we hope to protect our communities from harm,” said Moeaki.

What to do if you’ve been scammed

Stop engaging with the scammers. Do not provide any further personal information or payments to them. Report the group chats to the messaging platform and block the scammers on all devices.

If you have downloaded remote access software on the instructions of the scammers, immediately contact an IT professional to have your device checked for malware. If you have accessed your bank account or other payment systems while the remote access software was operating on your device, report this to the relevant account providers.

If you have shared any other personal information or downloaded any software at the scammers’ request, contact IDCare for help creating a plan to secure your identity.

If you are getting spam emails and text messages, report these to the Department of Internal Affairs.

Tell a trusted relative or friend what has happened. They may help you see the situation more clearly, help you deal with the scammers, and suggest what to do next.

In New Zealand, contact Victim Support on 0800 842 846 or visit their website. They can provide free emotional and practical support and information.

Finally, report the scam to your local financial regulator: FMA in New Zealand, ASIC in Australia, National Reserve Bank of Tonga.

Companies fined after apprentice falls from height installing CCTV

Two companies in the UK have been fined after an apprentice fell through a roof. One failed to properly plan for the work, and another failed to produce documents as part of an investigation.

Two companies have been fined after an apprentice fell from height while installing CCTV in Weymouth, United Kingdom.

The then 20-year-old electrical apprentice had been working at a site at a commercial industrial estate on 13 July 2022. He had been using a makeshift crawling board when he fell around 11 feet through a fragile roof to the concrete floor below.

The incident took place on the roof of a lean-to attached to a main warehouse. The project involved the installation of electrical cables and conduit around the perimeter of the warehouse in readiness for the installation of CCTV.

The man lost consciousness at some point prior to the arrival of the ambulance and could not feel his body. He was unable to walk temporarily after the incident and sustained injuries to his back, including muscular tissue damage which requires physiotherapy.

An investigation by the UK government’s Health and Safety Executive (HSE) found that the employer failed to ensure the health, safety and welfare of their employees, by failing to properly plan and provide suitable equipment to prevent the fall through the fragile roof.

Working at height remains one of the leading causes of workplace injury and death and HSE has detailed guidance on working safely at height.

According to HSE guidance, workers should not have worked on the fragile roof where it was avoidable. Where roof work is not avoidable, edge protection, roof coverings and stagings or similar should be in use to stop a fall, with personal fall protection where needed.

A second company has also been fined after they failed to comply with a HSE demand to produce documents to assist its criminal investigation into the incident.

The employer pleaded guilty to breaching Section 2(1) of the UK Health and Safety at Work etc. Act 1974. The company was fined £16,000 and ordered to pay £4,168 in costs at Bristol Magistrates Court on 28th November 2025.

The second company pleaded guilty to breaching Regulations 20(2)(k) of the UK Health and Safety at Work etc. Act. The company was fined £6,000 and ordered to pay £1,200 in costs.

“Every year, a significant proportion of incidents, many of them serious and fatal, occur as a result of poor work at height planning,” said HSE inspector Rebecca Gittoes after the hearing.

“In this case, a young man at the start of his career was failed by his employer”.

“Had the company suitably risk assessed the task, provided suitable work equipment and a safe system of work, this incident would not have happened.”

Gallagher’s 2026 Industry Trends Report identifies opportunities

Gallagher Security has released its 2026 Security Industry Trends Report, highlighting a growing opportunity for security to play a more strategic, value-driven role across organisations worldwide.

Drawing on insights from end users, channel partners, consultants, and technology stakeholders across the world, the 2026 report shows security continuing to evolve beyond traditional protection.

According to Gallagher, as organisations look to simplify complexity and make more informed decisions, security systems are increasingly being recognised for their ability to support operational efficiency, compliance, accountability, and business performance.

“This year’s report highlights a real opportunity for security,” said Mark Junge, Gallagher Security Chief Executive. “Organisations are asking more strategic questions about how security can reduce complexity, create clarity, and deliver value that reaches well beyond the security team.”

The report notes the growing role of return on investment (ROI) as a “shared language” between security leaders, executives, IT, and operations. While confidence in measuring ROI varies, the findings suggest many organisations are already generating tangible value from their security systems through integration, data, and automation.

According to Gallagher, opportunity now lies in better articulating that impact in ways that resonate across the business.

Reflecting this shift, integration has emerged as the number one factor

influencing security system decisions, says the Hamilton-based manufacturer.

“Rather than focusing solely on individual features, organisations are prioritising connected platforms that unlock insight, improve efficiency, and help maximise the value of existing investments. For many, this represents a practical and achievable path to stronger outcomes without significant disruption.”

The report also highlights how security’s influence is expanding as purchasing and strategy decisions increasingly involve IT, finance, facilities, HR, legal, and executive leadership. This broader involvement, it suggests, is opening new opportunities for security teams to contribute to wider business objectives, supported by solutions that emphasise ease of use, strong support, and clear communication.

“Security has a real opportunity right now to elevate its role,” Junge

added. “When security leaders can clearly communicate impact – whether that’s time saved, risk reduced, or efficiency gained – it builds trust and enables stronger collaboration across the organisation.”

While adoption of cloud services, AI-enabled tools, and advanced analytics continues to grow, the report suggests the industry is entering a more mature phase of innovation. Organisations are increasingly focused on technologies they can trust, clearly understand, and confidently deploy, creating space for solutions that deliver practical, measurable outcomes rather than promise alone.

According to Gallagher, the findings point to an industry moving into its next phase of opportunity, “one where security’s success is defined by impact, clarity, and confidence.”

Gallagher Security’s Industry Trends Report 2026 is now available for download .

Two PAK’nSAVE stores found in breach of Privacy Act

Two PAK’nSAVE stores have been named by the Privacy Commissioner for breaching the Privacy Act. Both failed to have adequate oversight of third-party providers who were providing security services to the stores.

According to an announcement by the OPC last December, breaches of the Privacy Act by C Park Traders Limited (formerly trading as PAK’nSAVE Clendon) and Hutchinson Bros Limited (trading as PAK’nSAVE Royal Oak), were notified to OPC in early 2025.

The incidents involved third-party security guards who were engaged to work in the stores, with one of the incidents also involving a store employee. The security guards shared images of customers, accompanied by allegations of theft or criminal activity.

As a result, both individuals whose images were shared faced a heightened risk of harassment and reputational harm. In the case of the Royal Oak store, the subject of the shared image was former Member of Parliament Golriz Ghahraman.

The image of Ms Ghahraman, taken in October 2024, was published online in January 2025 along with an accusation of shoplifting leading to them facing harassment and threats.

Due to the apparently poor quality of the store’s CCTV footage, the image has been taken on a personal mobile device.

FoodStuffs North Island issued a direct apology on behalf of the store.

Privacy Commissioner Michael Webster said, “We found similar issues of concern where both stores did not meet expectations set out in the Privacy Act relating to the Storage and security of information.”

“The decision to name the two individual stores is a significant step and was made because of the seriousness of the issues and their public interest,” said Mr Webster.

“Both stores lacked important safeguards that retailers should have in place when allowing third party providers access to sensitive information such as surveillance information.”

The Privacy Commissioner explained that organisations engaging third-party agents who access or operate surveillance or loss-prevention technologies (such as CCTV) should ensure that privacy obligations are explicit, enforceable, and routinely monitored to prevent harm.

This ensures that information is kept safe, he said, and it maintains public confidence in how personal information is handled.

According to the NZSA, the Privacy Commissioner’s findings are a timely reminder for the security industry that “outsourcing security does not outsource privacy responsibility.”

“The Commissioner found the root cause wasn’t just poor judgement - it was a lack of training, clear contracts and proper oversight,” said the Association.

It said that lessons arising from the incidents included the need for strong, enforceable privacy clauses in contracts; role-specific privacy training for all security staff; and clear policies, supervision and accountability. Additionally, personal devices should not be used for surveillance.

“Public trust in surveillance depends on professionalism and discipline. As an industry, we must treat access to personal information as a serious responsibility - every time.”

Good security is good for the nation: Takeaways from Sweden’s crisis and war preparedness framework

A recently published Swedish government document urges businesses to get resilient. It’s no humdrum promotion of corporate best practice, writes Nicholas Dynon, but rather a call to urgent action in the face of Russian aggression.

Nicholas Dynon is chief editor of NZSM, and a widely published commentator on New Zealand’s defence, national security and private security sectors.

In late 2025, Sweden quietly crossed a psychological threshold. For the first time in generations, the Stockholm formally addressed its business community with a blunt message: armed conflict is no longer a remote possibility, and companies must be ready to operate through crisis – and even war.

The result is Preparedness for businesses – In case of crisis or war, a government-issued guidance document aimed at strengthening national resilience by embedding preparedness across the private sector.

The initiative comes 18 months after the Scandinavian state took the unprecedented step of joining NATO, a move marking an abrupt end to its centuries long history of military nonalignment. The invasion of Ukraine by Russia had effectively led Swedish officials to abandon neutrality and search for security in numbers.

“Armed conflicts are taking place close to us, and Sweden is affected,” states a prologue to the document.

“In the event of a crisis, or in the worst case, a war, Swedish companies play a decisive role in ensuring that our society continues to function. As a business owner, you contribute by maintaining your operations as far as possible.”

Image: Swedish Government.

Written for Swedish businesses, the framework has clear relevance for security professionals, infrastructure operators, and risk leaders anywhere who are grappling with an increasingly unstable global environment

Prepared for War, Resilient in Crisis

The Swedish approach rests on a simple yet powerful premise: if a society is prepared for war, it will be capable of handling any lesser crisis. Pandemic disruption, cyberattack, natural disaster, supply chain shock, and information warfare are all treated as part of a single continuum of risk. Businesses are explicitly recognised as critical enablers of national survival. Financial systems, logistics, food production, energy, communications, manufacturing, and health services are not adjuncts to defence – they are defence.

This framing elevates private enterprise from “stakeholder” to active participant in total defence, a concept that integrates military and civil preparedness into one coordinated national effort.

A more complex threat environment

Central to the guidance is the assumption that future crises will

be multi-layered and hybrid in nature, think polycrisis or threat convergence. Sweden’s planning model anticipates:

• Long-duration power outages (weeks or months)

• Failure of electronic payments and communications

• Severe fuel and energy shortages

• Disruption to air, rail, road, and maritime transport

• Workforce availability constraints

• Cyberattacks combined with disinformation campaigns

• Pressure on international trade and just-in-time supply chains

Rather than treating these as distinct potentialities, Swedish businesses are instructed to assume they will occur simultaneously. This complex threat picture mirrors trends already familiar to security professionals closer to home – particularly those responsible for critical infrastructure, retail resilience, ports, aviation, energy, and digital systems – and particularly those of us versed in the ‘all hazards, all threats’ approach.

Critical Infrastructure: Beyond the obvious

The document defines critical infrastructure broadly. Much like the

Australian government has done in recent years via its Security of Critical Infrastructure Act, the document extends beyond traditional utilities to include:

• Food production and distribution

• Electronic communications

• Postal and logistics services

• Fuel and energy supply

• Construction materials and industrial manufacturing

• Health and social care services

• Data and information systems

Importantly, the guidance emphasises that many businesses do not realise they are critical until they fail. Interdependencies – suppliers, subcontractors, data providers, transport partners – are treated as risk multipliers.

This reinforces the importance of looking beyond organisational boundaries and assessing how failure propagates across systems, between organisations, and throughout supply chains.

Continuity as a core capability

Business Continuity Management (BCM) is positioned within the guidance not as an exercise in compliance documentation, but rather as an operational survival skill. It urges Swedish businesses to:

Image: Swedish Government.

• Map essential functions that must continue at all cost

• Identify critical dependencies such as staff, electricity, IT systems, transport, and suppliers

• Analyse supply chain vulnerabilities, including international dependencies

• Develop fallback arrangements, including stockpiling, backup power, and alternative production methods

• Ensure key expertise is not concentrated in single individuals

The emphasis is pragmatic: continuity planning must assume limited information, degraded communications, and prolonged disruption.

Workforce reality in crisis and war

Staffing is treated as one of the most fragile components of resilience. The guidance assumes that during major crises or war:

• Some staff will be unable to travel

• Others may be reassigned to civil or military defence roles

• Anxiety, misinformation, and family pressures will affect attendance

• Normal HR assumptions will fail

Businesses are encouraged to identify (i) roles that must be physically present, (ii) functions that can be performed remotely, (iii) tasks that can be simplified or paused, and (iv) options for cross-training and role substitution.

In Sweden, it points out, employment contracts remain valid even in wartime, and businesses are expected to plan on that basis.

Crisis management a must Plans are only useful if exercised, and companies are advised to establish crisis organisations with clear roles covering leadership, communications, situational awareness, personnel, operations, logistics, and security. Hard-copy contact lists, alternative communication channels, and physical meeting points are strongly recommended – an implicit acknowledgement that digital systems may not be available when needed most.

Image: Swedish Government.

All staff should have basic competence in first aid, fire safety, evacuation procedures, and situational awareness.

Cybersecurity and psychological defence

Cybersecurity is treated as inseparable from national defence. The guidance stresses:

• Risk-based cybersecurity management

• Multi-factor authentication and strict access controls

• Regular, offline data backups

• Supplier trust and equipment integrity

• Clear response procedures for cyber incidents, including mandatory reporting

Equally significant is an emphasis on psychological defence. Disinformation, propaganda, and malign influence are recognised as strategic weapons designed to erode trust, amplify fear, and disrupt decision-making. To strengthen psychological defence, the document urges businesses to:

• Train staff in source verification

• Avoid amplifying unverified information

• Maintain trusted communication channels with employees, customers, and partners

• Seek confirmed information from authorities during crises

Contribution, not just survival

Perhaps the most distinctive element of the Swedish framework is its

expectation that businesses adapt to support societal needs, including doing such things as:

• Repurposing production lines

• Supporting logistics or storage

• Sharing information with authorities

• Participating in coordinated publicprivate response mechanisms

Some obligations may arise through pre-existing agreements with government agencies, particularly in procurement, and the logistics, transport, and energy sectors.

Relevant takeaways?

While New Zealand’s strategic context clearly differs from that of northern Europe, the Swedish model raises uncomfortable but worthwhile questions:

• Are our businesses prepared for prolonged disruption?

• Do continuity plans assume functioning infrastructure?

• Is cybersecurity treated as a strategic risk or an IT issue?

• Are workforce dependencies realistically assessed?

• How would businesses respond to a coordinated cyber, supply chain, and information attack?

Sweden’s message is clear: resilience cannot be outsourced to government. It must be built, practised, and owned by every organisation that underpins society… it is, ultimately, a whole-ofsociety responsibility.

Weaponised Loneliness: How isolation has become a global security threat

A new report charts the rise of a global ecosystem of violent extremism, hate, and child sexual exploitation and harm, and its being driven by loneliness.

Loneliness has long been treated as a social or public health issue. Increasingly, however, it must also be understood as a deliberately exploited vulnerability within a rapidly evolving global harm ecosystem. That’s according to Weaponised Loneliness, a new intelligence briefing by risk intelligence platform provider Resolver that highlights the scale and speed with which this ecosystem is growing.

The report documents the emergence of a decentralised, transnational online threat environment commonly referred to as ‘the Com’, a loose ecosystem of overlapping actors and subcultures linked by shared tactics, aesthetics and methods of exploitation. Binding these actors together is not ideology or criminal hierarchy, but rather a fixation on power, notoriety and control, often achieved through extreme violence.

At the centre of this ecosystem lies a disturbing insight: loneliness is no longer merely a state of mind or threat to mental health — it’s become weaponised.

A hybrid threat

A key observation of the report that this phenomenon cannot be neatly categorised. Law enforcement agencies variously describe elements of the Com as sadistic exploitation, nihilistic violent extremism or hybridised online

harm. Resolver’s conclusion is that none of these labels alone is sufficient.

The Com spans child sexual exploitation and abuse (CSEA), suicide encouragement, self-harm, cybercrime, hate speech, violent extremism and offline physical violence. These harms are interconnected, escalate rapidly and frequently cross national and jurisdictional boundaries.

Traditional siloed approaches to dealing with these, whether focused solely on extremism, child safety, cybercrime or mental health, struggle to keep pace.

What makes threat particularly acute is the age profile involved. Many victims are children and adolescents. Many perpetrators are also minors or young adults, often drawn in through the same vulnerabilities they later exploit.

“What makes the Com an especially egregious risk is that the majority of perpetrators and victims are children and young adults,” states the report.

“Interventions to the manifold risks presented by the Com, whether countering violent extremism or preventing suicide and self-harm, must place child protection at the fore to be effective.”

Loneliness a tactical vector

Careful to distinguish everyday loneliness from what it terms weaponised loneliness – the deliberate identification, grooming and exploitation of socially isolated individuals – the report shows that individuals targeted by the Com frequently experience:

• social exclusion or marginalisation

• mental health distress or prior selfharm

• neurodivergence or disability

• experiences of bullying, abuse or neglect

• identity-based isolation

These vulnerabilities are not incidental. They are actively sought

out in online spaces such as gaming platforms, forums, social media, livestream environments and niche communities focused on mental health or self-harm.

Initial contact often begins with empathy and validation. What follows is grooming and a gradual escalation toward coercion, exploitation and participation in harm — sometimes against others, sometimes against oneself.

The Tripolar Harm Spectrum

Resolver maps Com activity across what it describes as a tripolar harm spectrum:

• Sadism Com: focused on sexual exploitation, self-harm coercion and suicide encouragement

• Terror Com: incorporating nihilistic, accelerationist and farright aesthetics, with increasing offline violence

• Finance Com: driven by cybercrime, extortion and cryptocurrency theft

While distinct in emphasis, these poles overlap in membership, tactics and infrastructure. Individuals and groups migrate between them. Shared tradecraft, such as doxing, swatting, ransomware, and livestreamed abuse, creates a fluid and adaptive threat environment.

Crucially, the report highlights that victim and perpetrator roles are not fixed. Individuals groomed into these communities may later be coerced into abusing others, blurring moral and legal categories and complicating intervention strategies.

Platforms as battlespace

The Com is fundamentally platformenabled, and Resolver’s analysis indicates that no single type of online service is immune, with platforms providing enabling spaces and vehicles, including private messaging, group chats, livestreaming, anonymity, encryption, virtual currencies and cross-platform linkages.

Gaming environments, in particular, feature prominently, not because games are inherently unsafe, but because they combine young user bases, social interaction, identity play

and digital economies. Mainstream social platforms, niche forums, paste sites and even bespoke Com-created websites all play roles at different stages of recruitment, grooming and escalation.

Importantly, Resolver notes that disruption by law enforcement on one platform rarely ends activity. Instead, groups adapt, migrate or fragment, often becoming harder to detect.

Traditional responses failing

The report identifies several ‘systemic constraints’ that it argues are limiting current responses to the phenomenon, including:

• detection tools struggle with novel content, particularly self-generated CSAM

• language, symbols and group identities evolve too quickly for static moderation

• siloed detection models miss crossrisk signals

• legal and regulatory barriers inhibit timely signal sharing

• frontline investigators face severe vicarious trauma and harassment risks

Perhaps most critically, responses often arrive too late — after individuals are deeply embedded, harms have escalated and rehabilitation becomes far more difficult.

What Needs to Change

Resolver outlines three priority areas for action across the Trust & Safety ecosystem:

Hybrid threat response structures

Child safety, extremism, self-harm and cybercrime can no longer be treated as separate domains. Organisational, regulatory and investigative frameworks must reflect the reality of convergence.

“Addressing this threat more effectively requires situating expertise together across child safety, selfharm, graphic content (gore), violent extremism and cyber-crime, beyond current siloes,” stated the report.

Proactive signal sharing

No single platform or agency sees

the whole picture. Early intervention depends on legally supported, privacyaware mechanisms for sharing high-risk signals across borders and sectors.

“No single stakeholder holds all the information required to respond,” it states. “AI and other forms of automated risk detection play a critical role, but it is trusted frameworks that permit and facilitate the sharing of high risk signals that will make a meaningful structural difference to immediate preventative action.”

Trauma-informed support and signposting

Enforcement alone is insufficient. Many pathways into harm can be interrupted through earlier support — for victims, at-risk users and even young perpetrators — before irreversible damage occurs.

“Not all engagement carries equal risk and particular consideration must be given to the most vulnerable, while respecting agency and the fundamental importance of children’s rights, including the protection of their online access,” states the report. “In tandem, additional materials and support for caregivers and parents will be vital to aid discovery, prevention and safeguarding.”

An issue hiding in plain sight

Weaponised Loneliness is a reminder that emerging threats rarely announce themselves in familiar forms. This is not just an online safety issue, nor solely a law enforcement problem. It is a societal resilience challenge with direct implications for public safety, mental health, digital governance and youth wellbeing.

Loneliness, when systematically exploited, becomes a force multiplier for harm. Ignoring that reality leaves a widening gap between how threats actually manifest and how we are structured to respond.

The uncomfortable conclusion of the report is also its most urgent warning: if we fail to address the conditions that allow loneliness to be weaponised, we will continue to fight symptoms rather than causes.

And by then, the damage may already be done.

Opinion: The Bondi beach attack and the illusion of security

Flagging a potential terrorist is no easy feat. Accurately divining a person’s future intentions is a devilishly difficult undertaking to pull off, writes Dr John Battersby.

Dr John Battersby is a lecturer at Massey University’s Centre for Defence and Security Studies. He is also Managing Editor of the National Security Journal.

The attack on Jewish participants at a Hanukkah celebration at Sydney’s Bondi Beach is a tragic reminder of the risk public mass killings present to modern societies and the near impossible challenge of preventing all of them.

Any mass killing regardless of the perpetrators’ motives is a challenge to the state. Law enforcement and intelligence agencies purport to deliver a safe, secure and peaceful environment for their citizens. A careful and conscientious effort is undertaken to deliver on this promise – but it is a promise that simply cannot be completely fulfilled.

Security is the acceptance that we are safe, regardless of whether we are. It is the illusion that police and intelligence agencies have the resources, people and knowledge to perfectly triage the genuine threats from the milieu of potential risks that exist. These often present as people resistant to authority, socially illfitting and often criminally violent. Others lurk in the darker encrypted spaces of the internet or in more open ones posting extremist and violent views using pseudonyms. These people occasionally surface to be more than their rhetoric but most of the time their risk to society is minimal.

Vastly more dangerous are the quiet and careful planners who watch for our vulnerabilities and are mindful that the police and intelligence agencies are looking for them. They are careful not to draw attention to themselves and work hard to circumvent the security measures deployed against them. Ultimately, they know the state’s limits in this regard – we cannot fully secure urban shopping centres and we cannot fortify a beach.

One of the Bondi perpetrators had failed to keep his head down. He was flagged for further investigation some years ago but was deemed not to be a concern at the time. Omar Mateen, perpetrator of the Orlando attack in 2016 was twice on an FBI watchlist and twice discounted as a potential threat before killing 49 people. Accurately divining a person’s future intentions is a devilishly difficult undertaking to pull off.

This week a man was sentenced for plotting a mass killing in Hawkes Bay last year. Similar interceptions of IS inspired plots in Germany and Poland in recent days demonstrate that searching for prospective threats is an effective means to stop them. However, the killings in Sydney demonstrate it simply does not work all the time.

The IRA riposte following the failure to kill British Prime Minister Margaret Thatcher in 1984 sums up the security challenge “We (the IRA)

only have to be lucky once. You (the security services) will have to be lucky always.”

easily forgotten. The success of the security services in these cases is understated, and the consequences avoided. They produce no graphic imagery and no memorable story. A mass killing on the other hand creates a media sensation, the event prompting day after day of copy, amplifying the act of terrorism.

Successful plot interceptions get reported once or twice and then are easily forgotten. The success of the security services in these cases is understated, and the consequences avoided. They produce no graphic imagery and no memorable story. A mass killing on the other hand creates a media sensation, the event prompting day after day of copy, amplifying the act of terrorism.

Acting in the public interest to report an event, the media becomes the chronicler of the plot and with that an essential part of it.

Terrorism is a political challenge casting a brutal light on the limitations of the state to protect its citizens. It is a challenge politicians cannot resist. Israeli Prime Minister Benjamin

Terrorism is a political challenge casting a brutal light on the limitations of the state to protect its citizens. It is a challenge politicians cannot resist. Israeli Prime Minister Benjamin Netanyahu pounced on the occasion to further his long running criticism of Australia’s policy on Gaza. Australian opposition politicians have accused

Netanyahu pounced on the occasion to further his long running criticism of Australia’s policy on Gaza. Australian opposition politicians have accused its government of not doing ‘enough’ to curb antisemitism. The definition of ‘enough’ is not given, and detail on exactly what ‘enough’ will comprise is conspicuously lacking.

its government of not doing ‘enough’ to curb antisemitism. The definition of ‘enough’ is not given, and detail on exactly what ‘enough’ will comprise is conspicuously lacking.

The celebrations by certain individuals and groups in Australia after the 7 October 2023 attack on Israel were appalling, crass and incited anti-Israeli/Jewish feeling. But we need to think very carefully before proscribing speech, or topics of speech – and in determining the punishment to be meted out for it.

already among the most restrictive in the world. Making it tougher on the vast bulk of law-abiding gun owners is unlikely to have any effect on terrorism occurrences in the future. The Lindt cafe attacker in 2014 acquired his firearm illegally. The Bondi attackers possessed improvised explosive devices. Firearms were not their only option.

is unlikely to have any effect on terrorism occurrences in the future.

The Lindt cafe attacker in 2014 acquired his firearm illegally. The Bondi attackers possessed improvised explosive devices. Firearms were not their only option.

In Russia prison terms are given for criticising Vladimir Putin. Is that the extent we want to go to?

Australia has also determined to review its gun regulations, which are

There is no question the attack at Bondi was an atrocity. That one of the victims had survived the Nazi holocaust in Europe only to be killed at a beach in Australia in 2025 is a grim testament to the brutal tragedy that has taken place. But as one lone voice in Congress, Barbara Lee, warned in 2001, making rash decisions in the emotional aftermath of such a tragedy can have far reaching and unintended consequences.

Australia has also determined to review its gun regulations, which are already among the most restrictive in the world. Making it tougher on the vast bulk of law-abiding gun owners

This article was first published in Massey News on 18 December.

A Professional Industry: NZSA reviews findings of PSPLA and PSSG report

The NZSA has released a report assessing the findings of the PSPLA and Private Security Stewardship Group (PSSG) 2024–2025 Annual Report. Professionalism is growing, but so is regulatory scrutiny.

Covering key licensing data, the PSPLA-PSSG annual report also highlights trends in complaints, investigations and inspections that serve as a timely reminder for all security businesses.

That’s according to the NZSA, the security industry’s peak association and participant in the PSSG, which has – in response – released a report that it says provides clear and practical implications and actions for its members.

“We encourage all members to review the NZSA report, check their compliance, and ensure strong management systems are in place to support a professional, well-trained and trusted industry,” said the Association in an announcement.

The report provides one of the clearest snapshots yet of where New Zealand’s private security sector stands – and where it is heading.

Presented against a backdrop of softer economic conditions, heightened regulatory scrutiny and an evolving threat environment, it paints a picture of an industry that is broadly compliant and increasingly professional, yet still constrained by persistent structural weaknesses.

Notably, these weaknesses are concentrated not across the sector as a whole, but within a relatively small cohort of poorly governed operators whose actions continue to draw disproportionate regulatory attention.

Although a 2024-25 retrospective, the report signals that compliance expectations are rising and that legislative reform will likely further sharpen the tools available to regulators. At the same time, companies that invest in training, systems and governance will be well positioned to differentiate themselves.

Stabilising workforce in a softer economy

Ironically, notes the report, CoA application volumes have declined year-on-year, yet the total number of licensed and certified personnel has continued to grow.

As at 30 June 2025, New Zealand’s regulated private security workforce comprised 33,689 current Certificate of Approval (CoA) holders, 963 temporary CoAs (down

sharply year-on-year), 735 individual licence holders, and 1,575 company licence holders. In 2024-25, the total of applications submitted for CoAs was 9,315, down 17% from the previous year.

While application numbers declined—reflecting reduced job churn and fewer new entrants in a softer labour market— the overall pool of licensed personnel continued to grow. This is partly explained by the five-year validity period of CoAs and licences, meaning workforce figures still include individuals who may no longer be actively employed in the sector, including those granted a CoA during a postCOVID surge during 2021-23.

The report notes a stabilisation following the postCOVID surge. Those certificates will begin coming up for renewal from 2026 onwards, offering a “clearer picture of long-term workforce retention”.

In addition to longer term trends, notes the NZSA, festivals, major events and international visitors remain strong short-term demand drivers, with busy summer seasons expected to continue to influence application volumes yearto-year.

Temporary CoAs and the training bottleneck

The failure of temporary CoA holders to progress to full certification is an often cited concern within the industry, and the 2024–25 numbers shed light on the current state of the issue.

Over the year, 4,826 temporary CoAs were issued, a decrease of 27% from the previous year, while the number of full CoAs issued was up by 5% to 6,777.

While the NZSA notes that the growth in fully licensed personnel is a positive trend, indicating “improved transition from temporary to full CoA in many areas”, it also points out that most of the 23% of full CoA applications declined by the PSPLA are failed due to applicants having not completed the required training.

“Companies must remain vigilant in ensuring that temporary CoA holders are actively supported through

training and transitioned to full CoAs,” states the NZSA. “Failure to complete training should be managed out where at all possible.”

Vetting, objections and the role of police scrutiny

According to the report, the data on police objections provides reassurance that vetting remains a robust gatekeeping mechanism. During the year:

• 270 Police objections were filed, down 26% (consistent with 17% drop in CoA applications).

• 68% of objected applications were declined

• 30% proceeded or were withdrawn

• 2% remain on hold pending criminal outcomes

With both application numbers and police objections down, the numbers suggest that police have maintained a consistent approach to filing objections. With the high decline rate in relation to applications that are the subject of an objection, the system appears to be achieving a degree of efficacy in filtering out unsuitable applicants before they enter frontline roles.

Complaints at record levels

It was a record year for complaints received by the PSPLA in 2024–25, but the numbers as a proportion of the CoA holder population remains low at less than 0.6%. During the year:

• 224 new complaints were filed, up 20% year-on-year

• Less than 0.6% of all licence and CoA holders were subject to a complaint

• 65% of complaints were Police-initiated

• 24% came from members of the public

• 11% were self-referred through PSPLA or CIPU activity

The majority of complaints involved working without the required licence or CoA, employing staff who do not hold valid CoAs, breaches of licence conditions, and failure to display CoA while on duty.

The report makes it clear that this increase does not signal widespread deterioration in conduct. “Growing complaint volumes are linked directly to increased proactive inspections – not necessarily increased misconduct,” states the NZSA. “Members with strong systems should view this as a validation opportunity, not a risk.”

For professional operators, this shift should be welcomed. Increased inspections create a clearer distinction between compliant and non-compliant businesses, rewarding those with robust governance and exposing those without it.

Investigations and prosecutions: a familiar pattern

During 2024–25, 63 new investigations were received and 77 were completed. Outcomes included prosecutions, formal warnings, education interventions, fines, reprimands and cancellations of licences or CoAs.

Five prosecutions were concluded during the year. The offences involved included (i) operating a crowd control business without a licence, (ii) acting as a crowd controller without a valid CoA, and (iii) employing staff who did not hold CoAs.

The reputational damage caused by these cases far exceeds their numerical significance, with the small number of cases disproportionately undermine public confidence in the industry. The behavioural patterns, states the NZSA “are clear and deeply damaging to our industry credibility.”

Compliance inspections

A total of 180 joint Police and CIPU inspections were undertaken across multiple regions, including Auckland, Hawke’s Bay, Central Otago and Nelson/Marlborough. Common issues identified included:

• Guards working with expired CoAs

• Failure to display CoAs while on duty

• Expired company licences

• Employment of unlicensed guards

• Confusion around volunteers and Māori wardens in crowd control contexts

With the exception of confusion around volunteers and Māori wardens in crowd control, these are simple, avoidable issues, indicating fundamental lapses in employer administration and monitoring of staff credentialling. Encouragingly, inspectors also reported positive signs. Larger licensed venues were generally compliant, and where issues were identified, rapid corrective action was often taken.

Structural issues the sector must confront

From an industry-wide perspective, the NZSA says that several persistent deficiencies that regulators are now well aware of:

• Failure to transition temporary CoAs to full certification

• Ongoing non-display of CoAs while on duty

• Lapsed company licences

• Uncertainty around role classifications

• Lack of refresher training requirements despite an evolving risk environment

These issues are likely to feature prominently in upcoming policy reform discussions and should already be on the risk registers of responsible operators.

Legislative reform: more capable regulation ahead

The report notes progress on amendments to the Private Security Personnel and Private Investigators Act 2010 through the Regulatory Systems (Tribunals) Amendment Bill. These changes are expected to:

• Clarify PSPLA powers

• Strengthen investigative and information-gathering tools

• Improve tribunal functionality

For the industry, says the NZSA, this signals a regulator that is becoming “more capable and better resourced”.

Takeaways for security providers

Ultimately, the report presents a cautiously optimistic picture. The private security industry is more professional

than it has ever been, and the overwhelming majority of practitioners operate lawfully and responsibly. Although heavier scrutiny is on the way.

“As legislative reform progresses and proactive inspections continue to expand, compliance will no longer be a defensive necessity, it will be a core commercial differentiator,” suggests the NZSA.

“Our message to members is clear,” states the NZSA, “strong systems, visible compliance and ongoing training investment remain the strongest insurance policies in a tightening regulatory environment and will be your foundations to grow a more sustainable and attractive business.”

In summary, and in no particular order:

1. Audit CoAs

Ensure all staff hold valid CoAs, display them correctly, and are progressing through required training pathways.

2. Systematise training

Temporary CoAs must be actively managed. Training completion should be tracked, supported and enforced.

3. Strengthen licence governance

Company and individual licence expiry controls should be automated and visible at senior management level.

4. Assume inspections are the norm

Proactive compliance inspections are now routine. Being inspection-ready should be business-as-usual.

5. Prepare for higher expectations

Legislative reform will lift scrutiny. Companies that invest early will adapt more easily.

In closing, the NZSA noted that it has recently introduced Pre-Employment Training Modules that can be used to help screen new staff, prepare staff for the full CoA Training, act as an induction for new staff and as refresher training for existing staff.

New Zealand OSPAs open for nominations

The NZ Outstanding Security Performance Awards (OSPAs) have returned for a fifth consecutive year, and nominations are now open.

“Celebrating excellence in security is vital, and the OSPAs are dedicated to recognising those who go above and beyond to protect our communities,” said Professor Martin Gill, Founder of the OSPAs.

The OSPAs are designed to be both independent and inclusive; providing an important opportunity to recognise and celebrate the work of those dedicated companies, individuals and teams who deliver outstanding security products and services.

“We are proud to return to New Zealand for another year and look forward to celebrating the achievements of those who tirelessly work to provide outstanding security products and services,” said Professor Gill. “It is free to enter and all associations, judges and entrants must adhere to our strict ethics rules.”

The 2026 Categories are:

• Outstanding In-House Security Manager/Director

• Outstanding Contract Security Manager/Director

• Outstanding Security Team

• Outstanding Contract Security Company (Guarding)

• Outstanding Security Consultant

• Outstanding Security Training Initiative

• Outstanding Security Installer/Integrator

• Outstanding New Security Product

• Outstanding Security Partnership

• Outstanding Security Officer sponsored by Guardhouse

• Outstanding Female Security Professional

• Outstanding Young Security Professional

• Outstanding Equality, Diversity, and Inclusion Initiative

• Outstanding Security Sustainability Initiative

• Lifetime Achievement

Entries must be submitted by 08 April. Winners from eligible categories at the 2026 New Zealand OSPAs will automatically qualify for the 3rd Global OSPAs being held in 2027.

The 2026 New Zealand OSPAs are supported by Association of University Chief Security Officers, ASIS International (New Zealand Chapter), Institute of Strategic Risk Management, New Zealand Security Association, New Zealand Security Sector Network, Profit Protection Future Forum and RiskNZ.

Meanwhile, The 2nd Global Outstanding Security Performance Awards (OSPAs) will take place early on Friday morning in New Zealand, streamed live from the UK to a worldwide audience.

The prestigious event brings together the winners of national level OSPAs from around the world to compete for a prestigious Global OSPA across 14 categories.

As a finalist, organisations and individuals are encouraged to join the live stream to discover if they are a winner. A virtual afterparty will follow the ceremony, offering a chance to celebrate with fellow finalists and winners and to network with leading figures from across the sector globally.

This year sees winners of the 2025 New Zealand OSPAs again representing their country on the world stage, including the following finalists:

• Outstanding In-House Security Manager/Director –Ellie Moriarty – SkyCity

• Outstanding Contract Security Manager/Director –Nicholas Dynon – Optic Security Group

• Outstanding Security Team – Freight Screening Team –Secureflight

• Outstanding Contract Security Company (Guarding) –FIRST Security

• Outstanding Security Training Initiative – National Training Programme created by Michelle Macdonald –Secureflight

• Outstanding Security Installer/Integrator – Advanced Security Group

• Outstanding Security Partnership – Asset Upgrade Project – Optic Security Group and Te Herenga Waka –Victoria University Wellington

• Outstanding Security Officer – Shaun Laifone – Global Security

• Outstanding Female Security Professional – Chelsea Wallis – Optic Security Group

• Outstanding Young Security Professional – Ruth Tongotongo – Beca Applied Technologies

NZSA CEO’s January Report

In his first newsletter for 2026 Gary Morrison talks pre-employment training modules, NZSA corporate member self-audits, new apprenticeship pathway, violent retail crime statistics, and more.

Gary Morrison is CEO of the New Zealand Security Association (NZSA). A qualified accountant, Gary was GM of Armourguard Security for New Zealand and Fiji prior to establishing Icon Security Group.

I trust that your Christmas and New Year went well and that 2026 has started positively.

We are certainly looking at an interesting year ahead for the security industry with the economy showing signs of modest growth and the latest NZIER Quarterly Survey of Business Opinion showing business confidence at his highest level since 2014, balanced against the continued conflicts around the world and the gradual break down of the world rules-based order, largely driven by the political situation in the US.

If that isn’t enough, we also need to throw into the mix that this is election year which traditionally sees our politicians increasingly focused on “electioneering” rather than achieving meaningful legislative review and changes.

For the NZSA we are approaching the year with a high level of confidence and a strong focus on achieving positive progress for the industry.

Within my commentary below I reference some of the key initiatives currently in progress, including industry training and licensing, and I’m also pleased to advise that we are currently in the process of employing a Membership and Content Manager to join our team. This will provide us with additional resource to support and engage with our members and also enable a greater focus on industry advocacy.

We are also working on some interesting member benefit initiatives, including the introduction of a Mobil card offer for member employees, and will provide an update on these in coming months.

Hopefully you find the information below informative and please note that this Newsletter is slightly abridged as given the time of the year we have excluded the Special Interest Group, Member Benefit programmes and Partner reports and updates which will return for the next edition in early March.

Launch of NZSA Pre-Employment Training Modules

We were thrilled to launch the new Pre-Employment Training Modules in December. The training is low cost ($20 including GST for single use) and suitable for personal pre-employment (pre CoA), company refresher training, and company induction training.

The modules can be completed anytime, online and the module format allows for self-paced learning and completion (total duration 90 to 120 minutes). All graduates also receive a certificate of completion.

We are also working with the PSPLA to make this course a prerequirement for those applying for a temporary CoA. The training can be accessed via the NZSA Training Hub.

Mandatory Self-Audits for NZSA Corporate Members

From the 1 April this year, all NZSA Corporate Members will be required to complete an annual self-audit as a requirement for continued membership.

The initiative was approved by members at the 2025 AGM and aims to help improve standards across the sector. We introduced the self-audit late last year, initially being used for

new corporate members, and after successful testing and review, we are now ready to extend to all corporate members for our new financial year.

The self-audit is online, and in most circumstances will take 15 to 30 minutes to complete, depending on the complexity of services provided. Members will be required to undertake some preparatory work, including having critical documents and photos available, and appropriate guidance will be provided in advance.

In conjunction with our upcoming annual membership renewal process we will provide notification of the allocated timeframe for each corporate member to undertake the audit and will follow up with necessary instruction on the process to be followed.

New Apprenticeship Pathway for Alarm and Electronic Security Sector

The NZSA has been working closely with Skills Group for many years to help build a talent pipeline into our industry. We are pleased to advise that ETCO (The Electrical Training Company), and part of the Skills Specialist Trades division, will extend their successful Group Apprentice

scheme to the electronic security and alarm installation sector.

Under the Group Apprentice scheme, ETCO directly employs the apprentices, manages all recruitment, screening, training coordination, HR, payroll and pastural care, whilst hosting companies (our members) focus on what they do best: installing systems, serving customers and growing their business.

Critically, if an apprentice placement isn’t the right fit, ETCO manages the transition and replacement without disruption to either the apprentice’s qualification, or the host company’s business operations.

Under the scheme, apprentices enter the programme work-ready from day one, having completed a tailored pretrade programme including health and safety, customer service, foundational technical skills, professional toolkit provision and initial security screening. They are enrolled in the New Zealand Certificate in Electronic Security (Level 4), building skills across alarms, access control, CCTV, networking, commissioning, troubleshooting and maintenance.

A major strength of the group employment model is continuity and flexibility. Apprentices can move

between host companies without stalling their training and giving smaller businesses protection during quieter periods and access to skilled labour during peak demand.

If you wish to register interest in participating in the Group Apprentice scheme, contact us at gary@security. org.nz for more information.

NZ Certificate in Electronic Security (Level 3) – Update

Following a stakeholder review, the NZ Certificate in Electrotechnology (Level 3) has been updated and NZQA approval for the new version is expected shortly.

The changes are relatively minor, and current learners will simply transition to the new qualification.

At a high level, the Installation strand (the non EWRB licensing strand) remains unchanged. The Service strand will now give learners the option of either EAS (Electrical Appliance Serviceperson) or EST (Electrical Service Technician), and an additional unit standard US29479, Electrical Diagrams, has been added to help build confidence in understanding site drawings.

PSPLA Report

In December the PSPLA released the 2025 Annual Report for the Private Security Stewardship Group and Private Security Personnel Licensing Authority.

Key statistics and activity measures from the report include:

As at 30 June 2025:

Current CoA holders 33,689

Temporary CoA holders 963

Individual licence holders 735

Company licence holders 1,575

For the 12 months 1 July 2024 to 30 June 2025:

CoA applications 9,315

Temporary CoA

Ministerial Advisory Group –Victims of Retail Crime

The NZSA has worked closely with the Ministerial Advisory Group (MAG) since it was established last year.

The MAG has already recommended broadening citizen’s arrest powers with the enabling legislation expected within the first half of this year and policy advisers working with the MAG have now prepared a paper exploring how security officers can be better supported – with training capability and potentially new legal authorities – to safely intervene in retail environments.

There are three possible reform pathways being considered:

Option 1: Enhanced Status Quo

• Relies on new citizen’s arrest legislation

• Training improvements left to market forces

Option 2: Increased Minimum Training Requirements

• Builds on new citizen’s arrest changes

• Introduces additional mandatory training standards for security officers undertaking advanced duties

Option 3: Bespoke Legal Powers for Retail Security Officers

• New statutory powers and protections aligned with those recently granted to Parliamentary Security Officers.

• Additional mandatory training requirements.

The NZSA strongly supports Option 3 however from a practical perspective, the implementation of Option 2 and a longer term move to Option 3 may be more politically palatable and achievable.

Violent Retail Crime Statistics

New Zealand based global retail crime intelligence company, Auror, recently released statistics comparing the level of retail crime in New Zealand and Australia.

The good news is that New Zealand as seen a significant reduction in the level of retail crime over the last twelve months, whereas Australia has experienced a continued increase across all measures.

ANZ Retailer Data: Incidents 2025 vs 2024

Australia New Zealand

Weapons +12% -12%

Violence +17% - 6%

Threatening +20% - 5% behaviour

The report also noted that 20% of retail crime events involve verbal or physical abuse, intimidation, threats, violence or use of weapons, and that the top 10% of offenders cause over 60% of all retail crime, and those repeat offenders are 6 times more likely to be violent.

Drug Detection Agency – Drug Testing Findings

On the topic of recent reports, TDDA (The Drug Detection Agency) has released the most recent data on drug use within New Zealand.

Key outtakes include:

• Cannabis (THC) has surged and is present in 71% of tests (was 63%).

• Amphetamine type substances (including methamphetamine) present in 23% of positive tests.

• Cocaine present in 1.5% of tests, well above previous levels.

• Opioid use has surged in Gisbourne (up 42%)

Prosecutions 5 (and 4 in progress)

The NZSA has produced an overview of the report and can be accessed here.

We have provided our members who provide Protective Security Services with a copy of the policy paper and have issued a call to action for submissions to the MAG by the closing date on 2 February 2026.

If you have an interest in making a submission and haven’t received the documentation, please contact me on gary@security.org.nz for a copy.

• Cocaine use has surged in North Shore, The Lakes and Canterbury regions.

Increase to Minimum Wage from 1st April 2026

The minimum wage will increase by 2% on 1 April 2026 – moving from $23.50 to $23.95.

We compliment the government on providing appropriate forward notice

of the change and taking a pragmatic approach in striking a balance between keeping up with the cost of living and not adding further cost pressure to businesses.

Proposed Holiday Act Changes

Members will be pleased to hear that the Government has announced proposed reforms to the Holidays Act 2003. At the heart of the reform is the shift to an hours-based accrual system for annual and sick leave. Rather than waiting six or twelve months before leave starts to build up, entitlements will instead begin on day one, accumulating every hour worked.

For employers this will simplify payroll systems, remove overlapping calculations, and reduce compliance costs. For employees, it will ensure leave rights are linked directly to the hours they work.

Another long overdue fix will be the clear test for determining whether a public holiday is an “otherwise working day” as the proposed changes deems that if an employee has worked at least half of those days in recent weeks, the holiday counts.

The first draft of the legislation should be available for public consultation and submissions within the next few months and will include a two-year implementation window.

The NZSA will make more information available as the legislation progresses through government.

Lithium-ion Battery Charging Procedures

Lithium-ion batteries are part of our everyday lives, both at home and at work. They power our phones, laptops, power tools and even some home appliances.

It is critical that businesses are aware of the risks associated with the use of these batteries and have appropriate processes in place covering their use and recharging.

The main risk is thermal runaway, which can cause fires or explosions due to overcharging, damage, extreme temperatures, or poor-quality chargers, releasing toxic gasses and burning intensely. Lithium-ion fires are unpredictable and dangerous, and staff need to be aware that they

should immediately seek assistance if confronted by a fire – trying to put it out by themselves may put them at greater risk.

We also suggest that all security providers have a policy document covering charging procedures for lithium-ion batteries – click here for a template policy document.

Collapse of Australian security provider MA Services

Shortly prior to Christmas the Australian privately owned security, cleaning and maintenance staff provider MA Services was placed into voluntary administration resulting in some 1,700 security staff job losses. It was reported that staff were unlikely to receive owed wages or entitlements and given that many staff were not permanent residents they would also be excluded from protections offered to resident workers under Australian employment law.

Whilst there appears to be a number of contributing factors towards the collapse of the business, one of the main issues without doubt was recent media reports alleging that the business had a business relationship with a labour hire firm owned by a bikie gang boss. Under this relationship the labour hire firm supplied subcontract staff to MA Services.

This certainly emphasises the importance of maintaining a positive public image and how quickly that can be tarnished, even through association with a third party. For security providers, it is critical that any subcontractors are held to the highest account and meet the same standards applied to employees at all times.

Outstanding Security Performance Awards (OSPAs)

The OPSA’s recognise and celebrate the individuals, teams and organisations delivering excellence across the security sector. Entries are now open and close on 8 April 2026.

As always, we welcome all comments and feedback on NZSA or industry issues and activity.

Keep safe and well.

New government plan to tackle organised crime

A new all-of-government plan to tackle transnational, serious and organised crime was released on 20th December by Associate Police Minister Casey Costello.

“We are at a critical time in the fight against Transnational, Serious and Organised Crime (TSOC),” said Ms Costello in announcing the new plan.

“New Zealand and our Pacific neighbours are being increasingly targeted by organised criminal groups, who are using new technologies and new ways of operating - and we need a different, stronger and more cohesive response,” she said.

“This new TSOC strategy and action plan are designed to achieve this, with the aim being to make New Zealand the hardest place in the world for organised criminal groups to do business and cause harm.”

The TSOC strategy was informed by the report of the Ministerial Advisory Group on Transnational, Serious and Organised Crime and the twenty-eight agencies with responsibilities in this area.

The action plan sets out key crossagency initiatives to improve the response to TSOC, with the immediate priorities including:

• exploring options for a department or agency responsible for TSOC to drive accountability and coordination across government

• developing a new mechanism for cross-agency information and data sharing

• implementing the package of actions that respond to methamphetamine harm, and

• strengthening communities and addressing harm through Resilience to Organised Crime (ROCC) initiatives.

“Organised criminal activity including the illicit drug trade, scams, migrant exploitation and money laundering inflicts misery in our communities. It drives violent crime, and harms individuals and families, legitimate businesses and the broader New Zealand economy,” Ms Costello said.

The illicit drug trade alone is estimated to cost the country around $1.5 billion in social harm.

“We established a Ministerial Advisory Group to provide expert advice, and its key recommendations were the need for strengthened governance and accountability across government and better information sharing,” she said.

“Basically, we need organised government to fight organised crime, and through the action plan we are working on the best way of doing this and making full use of all of the resources, powers and information that agencies collectively possess.”

The shift in naming convention from Transnational Organised Crime to Transnational, Serious and Organised Crime (TNOC to TSOC) reflects the shift in the Government’s strategic approach to incorporate domestic offending and the harm perpetrated in communities.

The Action Plan covers a five-year period and will be regularly reviewed and updated as needed to reflect new and emerging risks.

Doomsday Clock moves closer to midnight as global existential threats worsen

Experts cite growing nuclear arsenals, record-breaking climate trends, artificial intelligence, and biosecurity concerns among the factors that are sending all of humanity to a potentially early grave.

The Doomsday Clock has recently been set at 85 seconds to midnight, the closest the clock has ever been to midnight in its history. The Bulletin of the Atomic Scientists’ Science and Security Board (SASB), which sets the clock, called for urgent action to limit nuclear arsenals, create international guidelines on the use of AI, and address global biological threats.

The Doomsday Clock is a symbolic timepiece that represents how close humanity is to global catastrophe, with midnight symbolising total annihilation.

Each year, its time is moved closer to or further away from midnight to indicate the current likelihood of a man-made catastrophe causing the destruction of the world. It serves as a metaphor to warn the public and spur action to address existential dangers

“Catastrophic risks are on the rise, cooperation is on the decline, and we are running out of time,” said Alexandra Bell, president and CEO, Bulletin of the Atomic Scientists.

“Change is both necessary and possible, but the global community must demand swift action from their leaders.”

The clock’s time was previously changed in January 2025, when it was set at 89 seconds to midnight.

“The dangerous trends in nuclear risk, climate change, disruptive

technologies like AI, and biosecurity are accompanied by another frightening development: the rise of nationalistic autocracies in countries around the world,” said Daniel Holz, SASB chair and professor at the University of Chicago and the Kavli Institute for Cosmological Physics.

“Our greatest challenges require international trust and cooperation, and a world splintering into ‘us versus them’ will leave all of humanity more vulnerable,” he said.

“Without facts, there is no truth. Without truth, there is no trust. And without these, the radical collaboration this moment demands is impossible,” stated Maria Ressa, co-founder and CEO of Rappler and 2021 Nobel Peace Prize Laureate.

“We are living through an information Armageddon—the crisis beneath all crises—driven by extractive and predatory technology that spreads

lies faster than facts and profits from our division,” she said.

“We cannot solve problems we cannot agree exist. We cannot cooperate across borders when we cannot even share the same facts.

Nuclear threats, climate collapse, AI risks: none can be addressed without first rebuilding our shared reality.”

According to the 2026 Doomsday Clock statement:

A year ago, we warned that the world was perilously close to global disaster and that any delay in reversing course increased the probability of catastrophe. Rather than heed this warning, Russia, China, the United States, and other major countries have instead become increasingly aggressive, adversarial, and nationalistic. Hard-won global understandings are collapsing, accelerating a winner-takes-all great power competition and undermining the international cooperation critical to

reducing the risks of nuclear war, climate change, the misuse of biotechnology, the potential threat of artificial intelligence, and other apocalyptic dangers. Far too many leaders have grown complacent and indifferent, in many cases adopting rhetoric and policies that accelerate rather than mitigate these existential risks.

Nevertheless, the statement noted that even as the hands of the clock move closer to midnight, there are many actions that can reverse this:

• The US and Russia can resume dialogue about limiting their nuclear arsenals. All nuclear-armed states can avoid investments in missile defence and observe the existing moratorium on explosive nuclear testing.

• Through both multilateral agreements and national regulations, the international community can take all feasible steps to prevent the creation of mirror life (a hypothetical form of biology that scientists warn could evade natural immunity and become an uncontrollable pathogen) and cooperate on meaningful measures to reduce the prospect that AI be used to create biological threats.

• The US Congress can repudiate President Trump’s war on renewable energy, and provide incentives and investments that will enable rapid reduction in fossil fuel use.

• The US, Russia, and China can engage in bilateral and multilateral dialogue on meaningful guidelines regarding the use of AI in their militaries, particularly in nuclear command and control systems.

Nuclear Weapons

“In 2025, it was almost impossible to identify a nuclear issue that got better,” stated Jon B. Wolfsthal, director of global risk at the Federation of American Scientists (FAS). “More states are relying more intently on nuclear weapons, multiple states are openly talking about using nuclear weapons for not only deterrence but for coercion.

Wolfsthal commented that hundreds of billions are being spent to modernise and expand nuclear arsenals all over the world, and more and more non-nuclear states are considering whether to acquire their own nuclear weapons.

“Leaders of all states must relearn the lessons of the Cold War – no one wins a nuclear arms race, and the only way to reduce nuclear dangers is through binding agreement to limit the size and shape of their nuclear arsenals,” he said.

Disruptive Technologies

According to Steve Fetter, professor of public policy at the University of Maryland, fellow, an emphasis on technological competition within the expanding AI space is making it increasingly difficult to foster the cooperation that will be needed to identify and mitigate risks.

“[President] Trump revoked Biden’s AI safety initiative and banned states from crafting their own AI regulation, reflecting a ‘damn the torpedoes’ approach to AI development,” he noted, while “attacks against universities and cuts in federal funding are eroding our ability to come up with effective solutions.”

Climate Change

According to Professor Inez Fung of the University of California, Berkeley, reducing the threat of climate catastrophe requires actions both to address the cause and to deal with the damage of climate change.

“First and foremost come reductions in emissions of greenhouse gases from the burning of fossil fuels to produce energy,” she said. “Many technologies for renewable energy are now mature and cost effective, and governments should ramp up the wide deployment of these clean energy technologies by providing incentives to produce them on a large scale and to create markets for them.

“Equally important in the fight against climate change is renewed reliance on science that tracks and guides emission reduction and mitigation efforts.”

Biological Threats

Asha M. George, executive director of the Bipartisan Commission on Biodefense at the Atlantic Council, noted that the past year had seen (i) a degradation in the capacity to respond to biological events, (ii) further development and pursuit of biological weapons, (iii) poorly restrained synthetic biology activities, (iv) increasingly convergent AI and biology, and (iv) the “spectre” of life-ending mirror biology.

“Partnerships–between countries, between industry and government, and between the public health and national security communities–will be key to managing these risks,” she said. “With the right tools and determination, we need not fall prey to the diseases that threaten us.”

‘Deepfake abuse is abuse,’ UNICEF warns

Deepfakes are increasingly being used to produce sexualised content involving children, with one in 25 children having had their images manipulated into sexually explicit deepfakes in the past year.

“The harm from deepfake abuse is real and urgent,” the UN agency said in a statement earlier this month . “Children cannot wait for the law to catch up.”

At least 1.2 million youngsters have disclosed having had their images manipulated into sexually explicit deepfakes in the past year, according to a study across 11 countries conducted by the UN agency, international police agency, INTERPOL and the ECPAT global network working to end the sexual exploitation of children worldwide.

In some countries, this represents one in 25 children or the equivalent of one child in a typical classroom, the study found.

‘Nudification’ tools

Deepfakes – images, videos, or audio generated or manipulated with AI and designed to look real – are increasingly being used to produce sexualised content involving children, including through so-called “nudification”, where AI tools are used to strip or alter clothing in photos to create fabricated nude or sexualised images.

“When a child’s image or identity is used, that child is directly victimised. Even without an identifiable victim, AI-generated child sexual abuse material normalises the sexual exploitation of children, fuels demand for abusive content and presents significant challenges for law enforcement in identifying and protecting children that need help,” UNICEF said.

“Deepfake abuse is abuse, and there is nothing fake about the harm it causes.”

Demand for robust safeguards

The UN agency said it strongly welcomed the efforts of those AI developers who are implementing “safety-by-design” approaches and robust guardrails to prevent misuse of their systems.

However, the response so far is patchy, and too many AI models are not being developed with adequate safeguards.

The risks can be compounded when generative AI tools are embedded directly into social media platforms where manipulated images spread rapidly.

“Children themselves are deeply aware of this risk,” UNICEF said, adding that in some of the study countries, up to two thirds of youngsters said they worry that AI could be used to create fake sexual images or videos.

A fast-growing threat

“Levels of concern vary widely between countries, underscoring the urgent need for stronger awareness, prevention and protection measures.”

To address this fast-growing threat, the UN agency issued Guidance on AI and Children 3.0 in December with recommendations for policies and systems that uphold child rights.

UNICEF is calling for governments to expand definitions of child sexual abuse material to include AIgenerated content and criminalise its creation, procurement, possession and distribution.

The UN agency is also pushing for AI developers to implement safety-by-design approaches and robust guardrails to prevent misuse of AI models, and for digital companies to prevent the circulation of AI-generated child sexual abuse material and strengthen content moderation.

The qualification develops and advances critical research, critical thinking and writing, analytical best practice as well as exploring relevant twentieth and twenty-first century intelligence operations. It is aimed at those wishing to develop advanced critical skills in relation to their existing or prospective intelligence sector careers in New Zealand.

Graduates of this year long programme will possess an advanced knowledge of intelligence analysis processes, be grounded in relevant previous operational intelligence experiences and have a critical understanding of the ethical and professional issues involved.

The programme of study consists of two 30-credit courses:

Qualification Requirements

Semester ONE, 294741: Intelligence in the International Security Environment

A critical examination of intelligence theory and practice, focusing on key concepts and methodologies of intelligence collection and analysis, analytical tools, frameworks and concepts applied to investigations and operations in the contemporary international security environment.

Course Controller:

Dr Rhys Ball, Centre for Defence and Security Studies (Auckland)

Semester TWO, 294744: Intelligence Operations

A comprehensive grounding in the operational intelligence environment in the second half of the 20th century, into the 21st century. Participants will consider the development of intelligence practices both in New Zealand and around the world, from the evolution of intelligence contributions from the end of World War Two, to the intelligence challenges of the 2020s. Intelligence operations are critically reviewed, including intelligence success and failure, espionage against friends and allies, and policing and private intelligence formats.

Course Controller:

Dr John Battersby, Senior Fellow, Centre for Defence and Security Studies (Wellington)

To enroll in this qualification, students must have been awarded or qualified for a relevant Bachelor's degree, or be able to demonstrate scholarly work in conjunction with extensive relevant professional experience for Admission with Equivalent Status.

For further information, please contact John: j.m.battersby@massey.ac.nz, or Rhys: r.ball@massey.ac.nz.

Robot dog security patrol solution deployed in Singapore

A recent deployment at the Certis Industrial Park in Singapore demonstrates how quadruped robots have moved from tradeshow demonstrations to routine security operations.

A robot dog, otherwise known as a quadruped robotic platform, is operating at the Singaporean industrial park as part of a wider patrol and monitoring system. Rather than replacing existing security infrastructure, it has been deployed as an additional mobile layer extending coverage beyond fixed cameras and human patrols.

Traditionally, terrain variability has proven a barrier for robotic solutions. Stairs, uneven ground, and landscaped areas often sit outside the effective reach of both wheeled surveillance. Not so for the quadruped developed by DEEP Robotics, which traverses stairways, gravel paths and pedestrian crossings, using onboard navigation and obstacle-detection systems to move safely through shared spaces.

During patrols, the robot is configured to detect rule breaches such as unauthorised smoking or unsafe parking in real time. When an incident is identified, the system issues an audible warning and simultaneously relays live video and event data back to a central management platform.

These types of automated interventions don’t eliminate the need for human oversight, but they can reduce response latency and improve consistency in how low-level incidents are handled. The robot’s ability to remain on scene after an alert is triggered also provides continuity until human staff attend if required.

A further benefit observed in the Certis deployment is the generation of structured, time-stamped incident data. Parking infringements, equipment status checks and other events are logged automatically, including location data and visual evidence.

The virtual paper trail supports auditability and post-incident review and reduces reliance on manual reporting. Over time, the data can inform changes to patrol routes, resourcing, or site design.

From an industry perspective, the significance of this deployment – and ones like it – is that it demonstrates that robot dogs have indeed made the move from novelty to business-as-usual, from experimental use to defined operational roles, particularly in large,

controlled environments such as industrial parks, campuses and logistics facilities.

But the development signals both opportunity and caution. Autonomous patrol systems may offer productivity gains and improved coverage, but they also raise questions around integration, staff training, client expectations and regulatory alignment.

As with other emerging security technologies, their effectiveness will depend on how clearly roles are defined between human operators, automated systems and existing infrastructure.

In the right environment, with clear operational parameters, quadruped security robots are beginning to function as a practical component of modern security operations.

REACH NEW HEIGHTS in Professional Excellence

ASIS accredited certifications can help you reach your career goals.

Validates your ability to conduct security investigations through the effective use of surveillance, interviews, and interrogations. Designed for those with 5 years of related experience.

WH Y EARN THE PCI DESIGNATION?

• Provides independent confirmation of your specialized skills in security investigations

• Gain global recognition by your peers and industry

• Get a competitive edge in the marketplace

• Enhance your career and earnings potential

• Enjoy personal satisfaction and professional achievement

Be one of the many ASIS board certified practitioners who are leaders, mentors, and trusted strategic partners, serving both their organizations and the profession.

“PCI is an important element in the ASIS C ertification programme, dovetailing into both CPP a nd PSP for a comprehensive understanding of broader security industry objectives. An effective and reliable investigation depends on objectivity, thoroughness, relevance, accuracy and timeliness. PCI helps identify critical investigative outcomes, including evidence collection, case management, and the process of offender detection, iden tification, interview and prosecution. Good physic al security designs, together with robust policies and procedures are key elements in a successful investigation. The PCI certification p rov ides an insight into how these pieces interrelate."

- D avi d H orsburgh, MSc CPP PSP PCI

WHY SHOULD AN EMPLOYER HIRE ASIS CERTIFIED PROFESSIONALS?

• Build a strong, dedicated team committed to high standards and continuing professional development

• Promote ongoing education of critical job knowledge and skills

• Feel confident that your staff are using best practices

• Recruit the most qualified professionals

• Reinforce or elevate your organization’s reputation and credibility

Increase the competency level of your staff by supporting your security professionals in their certification journey.