How to Determine the Right Cyber Strategy for your Business – Doug Hammond

Doug Hammond, Chief Information Security Officer – Inland Revenue

Doug Hammond - Inland Revenue

During Doug’s workshop at the CIO Leaders Summit he Cyber Security risks, he raised points on how although organisations have very similar security threats their strategy for managing these risks can and should vary widely. This is because each organisation will have a different risk appetite, the financial and reputational consequences of a security breach will be unique and their current Cyber Security maturity will differ.

In essence, each organisation needs to first understand what their current starting point and target is and quantify the risk they are trying to manage and use this to determine their Cyber Security Strategy.


Doug joined Inland Revenue in May 2014 and is Chief Information Security Officer in the Information Technology & Change business unit of Inland Revenue. His role is Tier 3 and reports to the Chief Technology Officer. The primary purpose of this role is to manage IR’s security portfolio as it relates to digital security for Inland Revenue’s Information and Application Assets (including cyberspace and electronic protection). Doug is responsible for ensuring that security design, education and policy is positioned appropriately and tailored to meet business outcomes.

Other roles and organisations Doug has worked in, prior to joining Inland Revenue, are Senior Manager, Business Risk Services at Grant Thornton; Head of Technology Business Risk and NZ Divisional Information Security Officer at ANZ Bank; Security Assurance Manager at Vodafone NZ Ltd; IT Risk and Security Manager at Air New Zealand; Manager Enterprise Risk Services at Deloitte.
Inland Revenue