The Panama Papers leak is a warning to New Zealand businesses to protect themselves from cyber hacking, Prime Minister John Key says.

Mr Key announced today a $22 million fund that will go towards setting up a national security agency aimed at protecting businesses and infrastructure from online attacks.


The Computer Emergency Response Team (CERT) was first announced in December, and will be included in this year's budget.

$20 million will go towards the agency's operating funds over the next four years, with $2.2 in new capital.

It is expected to begin operating in early 2017.

Speaking at the Cyber Security Summit in Auckland this morning, Mr Key said New Zealanders needed to start taking the threat of cyber attacks seriously.

"This is real, it's happening, and there are people sitting out there who just want to make mischief, and want to get access to that information."

He said hackers present a real threat to the government, to businesses and to NGOs.

"If we're going to do our jobs properly, we better start realising that we've got to take this issue seriously."

Mr Key said it wasn't just up to the government to take action, and directors and chief executives of businesses needed to get on board.

"We can't make you do that for your businesses."

"But we are through the CERT, and through all of the other work that GCSB and the police and others do, quite willing to work with you, and help you, and provide the best technology that we can."

He said the massive information leak from the Panamanian law firm Mossack Fonseca, which revealed global tax avoidance practices, was proof no company was safe from hacking.

"Whatever the rights and wrongs of whatever business they do, these people have sat there thinking they're dealing with their clients on a confidential basis."

"Their information has been hacked and is now in the public domain."

He said businesses should not think that would never happen to them.

"You might be a doctor that's dealt with sexually transmitted diseases, and that information is confidential to that person, then all of a sudden, that information is in the public domain."

Microsoft vice president of security Matt Thomlinson said there was no shortage of malicious actors on the internet, and the consequences went beyond just business interests.

"The worst case scenarios here are alarming, because we do have things like critical infrastructure and governments supplying services over the internet.

"Taking down a router, it's not clear if that just takes down a business down the street or it takes down a hospital."

The Center for Strategic and International Studies (CSIS) vice president and program director Jim Lewis said New Zealand had a good strategy for tackling cyber security, but it also needed to be well resourced.

"New Zealand has put in place many of the elements of a successful strategy, and you have identified many of the things you have to work on to make that strategy work.

"The real test is in implementation, and the real test is in political commitment."

He said New Zealand faced real threats, and its businesses were at risk, but that risk was manageable if action was taken.

The new agency will be a partnership between the government, non-government agencies and the private sector.

The most recent Internet Security Threat Report from Symantec found the number of cyber-attacks in New Zealand had grown by 163 percent in the past year - about 108 attacks per day.