A security breach is an accidental or unintentional action that leads or could lead to, the loss or damage of official information or resources. A breach is also a failure to observe mandatory requirements.

All security incidents, including breaches, must be reported to the agency's Chief Security Officer (CSO). The CSO will assess the situation and identify the appropriate response which may include advising the NZSIS or GCSB. Depending on the nature of the security incident, a formal investigation may be required.

Further information about the process following a security breach can be found in New Zealand Government Protective Security Governance Requirements – Reporting Incidents and Conducting Security Investigations.