The GCSB is urging New Zealand's critical businesses to stay alert in the face of increasing cyber threats, which can put nationally significant infrastructure in danger.

GCSB director general Andrew Hampton says it has seen malicious actors, both state and criminal, increasingly exploit vulnerabilities in supply chains, such as service providers.

"Our advice is focused on how organisations can build their resilience to those types of attacks. Now, part of that is ensuring that your supply chain is protected and that's where these cloud security templates come in.

"But it's also about ensuring that you are governing cyber security at an all of organisational level. It's also about being ready for an attack because organisations now I think need to think about not it being a matter of if they are attacked, but when."

Another key focus is investment for resilience in cybersecurity, he says.

The agency says it recorded 404 cyber threat incidents last year, up 15 per cent on the previous year.

About a third could be attributed to state sponsored actors and another third to criminal actors.

"One of the changes we have seen is a blurring of the distinctions between state and non-state actors. We are getting criminal actors for example who have sophisticated capabilities that previously tended to be in the hands of states."

Criminal actors are also operating out of safe havens provided by states, Hampton says.

The GCSB's work with Microsoft and Amazon Web Services was judged the best security project at last week's Information Security Awards.

Hampton says it's the first time the agency has worked with the two major cloud service providers.

Building the government information security standards into its products provided confidence for the public and private sectors that they complied with security standards when they used the services, Hampton says.

-RNZ.