Know exactly where your business stands on cyber security.
A fixed-price audit that shows you what is working, what is exposed and what to fix first. Built for mid-size New Zealand organisations, startups and small businesses, mapped to the Privacy Act 2020, NIST CSF 2.0 and, where relevant, NZISM.
Most businesses find out they were exposed only after something goes wrong.
An audit gives you the same picture, before an incident forces it on you. Owners commission one for a handful of recurring reasons.
Cyber insurance renewal
Insurers increasingly ask for evidence of controls, not just a questionnaire answer.
Client due diligence
Enterprise and government customers now run security assessments before signing.
Privacy Act obligations
Reasonable security safeguards are a legal requirement, not a best-practice suggestion.
Board and investor oversight
Directors are asking harder questions about cyber risk as part of ordinary governance.
Tested against the standards New Zealand actually uses.
We map every finding back to a recognised framework, so the report holds up with insurers, auditors, boards and customers.
What a Cyber Security Audits NZ engagement checks.
Governance & Policy
Ownership, policy currency and how decisions get made when something goes wrong.
Identity & Access
MFA coverage, privileged accounts, joiner and leaver processes, shared logins.
Data Protection & Privacy
Where personal and sensitive data lives, who can reach it, and how it is disposed of.
Backup & Recovery
Whether backups actually restore, and how long a real recovery would take.
Incident Readiness
A plan that names who does what in the first hour, tested rather than filed away.
Vendor & Third Party Risk
The access your suppliers, contractors and cloud platforms hold into your systems.
A four step process built around your time, not ours.
Scope and evidence request
A short call to confirm scope, then a checklist of documents and read-only access we need.
Technical and policy review
We work through the evidence remotely. Nothing is deployed on your network and nothing is disrupted.
Findings workshop
A working session to walk through what we found and check we have understood your business correctly.
Report and roadmap
A board-ready report with a plain-English summary and a prioritised 90-day fix list.
Fixed-price audits, no surprise add-ons.
Audits for most smaller organisations start from $7,000 + GST. Larger or regulated organisations receive a scoped quote after the initial call.
View pricingEssentials Audit
$7,000 + GST, from
Six-area review for organisations up to around 25 staff on a standard Microsoft 365 or Google Workspace setup.
See what's includedLed by a working CISO, not a checklist.
Cyber Security Audits NZ is the audit practice of Gorilla Cyber Security, led by Chief Information Security Officer Stephen Phillips. Findings are written by people with day-to-day operational security experience, not by software alone.
About the teamWhat you get
- A written report you can take to any provider, including your existing IT team
- Findings written for an owner or board, not only for an IT team
- Backed by a working CISO and an operational security team, not a template
Common questions
What does it cost?
From $7,000 + GST for most smaller organisations, scoped after a short call.
How long does it take?
Two to four weeks from kickoff to final report for most engagements.
Is this a penetration test?
No. It is a governance and controls review. Testing can be added on request.
Ready to see where you stand?
Book a short scoping call and receive a fixed-price quote within two working days.
Book an Audit