New Zealand businesses will soon face laws forcing them to disclose any loss of personal information to cyber-criminals, says the head of the world's largest computer security company.
Symantec president and chief executive Enrique Salem said it was inevitable this country would follow the United States and other jurisdictions that are forcing organisations to reveal when hackers have stolen personal or sensitive information they held electronically, or when it was lost.
Criminals often use stolen data to assume false identities, fleecing those whose details they have taken by running up debts in their name.
"For people who have had their identity stolen - when it takes you six months to recover your identity, that's a problem," Salem said.
"There are laws currently being worked on in Australia and in New Zealand that will absolutely push the notion that if data is stolen, you'll have to say. And that's the reputation of your company [at stake]. They will happen and they will - absolutely - be enforced."
Salem said that while such "disclosure laws" were important, Symantec was lobbying Governments to ensure they were developed with "safe harbour" provisions to prevent unnecessary and alarmist notifications.
"If the data hasn't been compromised, if you can prove that [then] you shouldn't have to disclose that because we don't think there's any risk."
Salem, who was making his first visit to the Pacific since taking on the top job at Symantec last year, said one of the most significant technology issues businesses were grappling with was a significant change in the type of cyber threats they faced.
"Spammers used to work on the law of large numbers. They'd say, 'I can send two to three hundred million messages and if a small percentage of people respond, I'm okay'," he said.
"But because there's so much public information available, what the bad guys have figured out is that they can target you, they can target a business. They can find out a little bit of information about you and then they can come right at you. Because what they believe is that the likelihood of a response is significantly higher if it's personalised."
He said that as a result of these more targeted attacks, traditional methods of online protection were becoming much less effective and security companies including Symantec needed to change their approach to preventing IT threats.
The business problems facing New Zealanders and Australians were no different from in the rest of the world.
"It's a time when ... everybody's trying to figure out how to become more efficient. But in the 25 years I've been in IT, IT has always tried to be more efficient, so it's not that unique."
* Simon Hendery travelled to Sydney as a guest of Symantec.