You see it when you make a bank transfer or log into Gmail; but what impact will it have on New Zealand and Australian businesses?


MFA (multi-factor authentication), sometimes called 2FA (two-factor authentication), has recently gained renewed attention. Regulatory bodies in New Zealand and Australia have issued stern warnings to organisations about the necessity of basic cybersecurity measures.

In New Zealand, an advisory from the Office of the Privacy Commissioner stated:

“If you are a small business that has a cyber-related privacy breach and don’t have at least two factor-authentication in place expect to be found in breach of the Privacy Act.”

Similarly, in Australia, The Financial Review reported that the Australian Securities and Investments Commission (ASIC):

“…will seek to make an example of board directors and executives who are recklessly ill-prepared for cyberattacks by taking legal action against compromised companies that did not take sufficient steps to protect their customers and infrastructure from hackers.”

Organisations Have a Significant Blind Spot


Many organisations in both New Zealand and Australia have a significant blind spot when it comes to cybersecurity. In Australia, the Office of the Australian Information Commissioner revealed that there were 409 data breaches between January and June alone. ASIC emphasised:

“Preparedness must include security; it must also involve resilience, meaning the ability to respond and weather a significant cybersecurity incident.”

What Does This Mean to You?


For large organisations, regulators will not tolerate excuses. If your systems contain people’s names and personal details and MFA does not protect these, you are effectively already in breach of the Privacy Act in New Zealand. In Australia, you risk becoming a legal example. The consequences range from compliance notices to fines, criminal offences, and brand and reputational damage. And that’s on top of the costs incurred from an actual breach.

Why Are Organisations Delaying?


Implementing MFA/2FA and SSO (single sign-on) can be challenging due to legacy systems, lack of expertise, and cost considerations. The “if it’s not broken, don’t fix it” mentality often prevails, hindering proactive cybersecurity investments. However, research shows that a cyber attack can cost businesses in New Zealand and Australia an average of 2 million dollars, a figure that rises if a ransom payment is involved. So, the investment is easily justified on money alone, even if organisations are not motivated by their obligations.

How SECTION6 Can Help


SECTION6 has the expertise to integrate MFA with SSO solutions across your organisation. Through our partnership with Red Hat, a world leader in secure software solutions, we’ll work to deliver a solution that works for you. You’ll receive full product support for Red Hat, with the added option of our implementation services and ongoing managed services.

We’re unique in our focus on designing, building and integrating mission-critical software for mission-critical applications and organisations. Our proven skills and experience in delivering critical software are how we help our clients ensure that their software continues to be highly reliable, scalable, secure, and adaptable.

To us, it’s more than just implementing an MFA solution; it’s about ensuring that you and your customers continue to experience the same quality of service, if not better, with the peace of mind that your customers’ private information is safe with you.

Next Steps


Contact us to find out more about how we can work with you to address your privacy concerns, so you can stay on mission.