News and events Own Your Online External Link Report an incident
News and events Own Your Online External Link
  1. Welcome to CERT NZ
  2. Insights and research
  3. Quarterly reports
  4. 2022 Report summary

2022 Report summary

The CERT NZ 2022 report summary gives an overview of what we’ve seen and done in 2022. It includes key figures about reports, incident types, financial loss, and vulnerabilities. It also captures a few of the highlights of what we've been doing to help improve cyber security in New Zealand.

What we’ve seen

Reported incidents and associated financial loss

In 2022, 8,160 incidents were reported to CERT NZ, an 8% decrease from 2021. Individuals, small businesses and large organisations from all over New Zealand submitted incident reports.

22% of incidents reported to CERT NZ included some form of financial loss, with a combined total loss of $20.0million.

Top incident categories

The top three incident categories changed in 2022, with ‘Unauthorised Access’ now being the third highest reported incident.

Reports of phishing and credential harvesting have gone up 16% since 2021

Reports of scams and fraud have gone up 15% since 2021

Reports of unauthorised access have gone up 23% since 2021

Reports of malware are down 88% since 2021 – a significant decrease due to large numbers of FluBot being reported in 2021. 

Top types of scams and fraud

Scams and fraud accounted for almost $17.1 million (86% of overall direct financial loss) in 2022. Of that loss:

  • $5.9m went to scams involving unauthorised money transfer
  • $3.3m went to scams involving dating or romance
  • $3.1m went to scams involving new job or business opportunity offers
  • $1.8m went to cryptocurrency investment scams
  • $1.7m went to scams when buying, selling or donating goods online

Vulnerability reporting

Vulnerability reports are an opportunity to prevent a cyber security incident before it occurs.

Vulnerabilities reported to CERT NZ range in severity and complexity.

41 vulnerabilities were reported to CERT NZ in 2022, with 26 being managed under our Coordinated Vulnerability Disclosure (CVD) service.

The CVD policy is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly themselves.

What we've done

Get cyber smart

Cyber Smart Week is CERT NZ’s nationwide campaign. In 2022, we worked with more partners who helped us reach more New Zealanders than ever before. 514 Cyber Smart partners, a 77% increase on 2021.

International engagement

CERT NZ participated in three international cyber exercises, took part in five international working groups to share best practise and continued our capacity building work in the Pacific.

Advisories

Advisories are our early warning system for New Zealanders. We triage incident reports we receive, and information about international cyber threats to get timely, actionable advice out to New Zealanders so they can protect themselves online.

In 2022, CERT NZ issued:

1 advisory to individuals and businesses

6 advisories to IT specialist

Website

339,461 website visits

Our most popular page for IT specialists was the advisories page with 23,408 page views.

For Individuals, “Report an issue” was the top page with 39k views.

Our highest performing page for businesses was the “Two steps too easy guide” which received 19,000 views.*

Previous report Quarter Four Cyber Security Insights 2022 Next report Quarter One Cyber Security Insights 2023