Case Studies & Expert Insights
Explore expert insights and case studies from Liverton Security.
The Human Firewall: Why Your Team is Your Best Defence Against Cyber Attacks (Part 1)
All Case Studies & Expert Insights
Deep dive into solutions and cybersecurity topics with our experts
When NZ organisations get breached, the same question keeps coming up—"How did this happen when we were compliant?"
Compliance frameworks like NZISM, PSR, and the Privacy Act were never intended to be treated as annual checklists. Their underlying assumption is that controls operate continuously, risks are reviewed as environments change, and people actively protect information. When organisations treat compliance as a finish line, security drifts — and that gap between audits is where breaches occur. Real security maturity comes from ongoing assurance, not point-in-time compliance.
Bridging Directly To Continuous Maturity Assessments
As organisations change, security often drifts out of alignment. Continuous maturity assessment helps identify weakening controls, workarounds, and emerging risks early—before they turn into incidents. It provides a practical way to keep security relevant, effective, and aligned with how a business operates as it evolves.
One of the biggest security risks in New Zealand isn’t technology. It’s misplaced responsibility
Many organisations assume cybersecurity is handled by their IT or network provider, but IT operations and security are not the same discipline. While firewalls, endpoint tools, and cloud controls are important, security fails when it becomes technology-led instead of risk-led. Real security requires governance, skilled people, and continual review—not just tools left to run on default settings. Without dedicated security leadership and maturity assessment, organisations can appear secure on paper while remaining exposed in practice.
The $500 Gift Card That Nearly Cost Millions: Understanding Executive Email Spoofing
A seemingly harmless email request from the CEO asking a new employee to purchase gift cards led to a serious security incident. This real-world case study shows how preventable failures and weak email security controls can result in significant financial and reputational damage, underscoring the critical importance of robust email security in modern organisations.
Why New Zealand’s Health Application Ecosystem Needs Security Baselines, Not Just Privacy Law
Privacy law plays a vital role in protecting patient information, but it does not define how that data must be secured. In New Zealand’s growing ecosystem of health applications, the absence of mandatory security baselines creates systemic risk across patient portals, practice management systems, and third-party services. Recent events have highlighted why privacy compliance alone is no longer enough to protect sensitive health data.
Manage My Health Is Not an Outlier: Why Small Health Providers Are Being Targeted—and Why Email Is Still the Front Door
The Manage My Health data breach wasn’t just one of New Zealand’s biggest cybersecurity incidents — it exposed a pattern affecting small and mid-sized healthcare providers nationwide. As privacy obligations race ahead of enforceable security standards, the incident points to a systemic risk and raises uncomfortable questions about how health data is really being protected.