A New Zealand organisation recently discovered a multi-million dollar security investment was rendered useless due to a critical oversight: a lack of personnel to monitor the system. Despite deploying a sophisticated security information management system, the company failed to assign responsibility for its operation or hire staff to manage it. This incident highlights a growing vulnerability for businesses investing in cybersecurity infrastructure. Experts suggest this isn’t an isolated case, indicating a potential widespread issue of unutilized security tools across New Zealand. The story serves as a cautionary tale about the importance of not only implementing security measures, but also ensuring adequate staffing and defined responsibilities for ongoing management. This oversight left the organization exposed despite significant financial investment, demonstrating that technology alone is insufficient for effective cybersecurity. The incident underscores a skills gap within the industry and the need for proactive resource allocation.