What we’ve seen
Reported incidents and associated financial loss
In 2022, 8,160 incidents were reported to CERT NZ, an 8% decrease from 2021. Individuals, small businesses and large organisations from all over New Zealand submitted incident reports.
22% of incidents reported to CERT NZ included some form of financial loss, with a combined total loss of $20.0 million.
Top incident categories
The top three incident categories changed in 2022, with ‘Unauthorised Access’ now the third-highest reported incident category.
- Reports of phishing and credential harvesting have gone up 16% since 2021
- Reports of scams and fraud have gone up 15% since 2021
- Reports of unauthorised access have gone up 23% since 2021
- Reports of malware are down 88% since 2021 – a significant decrease due to large numbers of FluBot being reported in 2021
Top types of scams and fraud
Scams and fraud accounted for almost $17.1 million (86% of overall direct financial loss) in 2022. Of that loss:
- $5.9m went to scams involving unauthorised money transfer
- $3.3m went to scams involving dating or romance
- $3.1m went to scams involving new job or business opportunity offers
- $1.8m went to cryptocurrency investment scams
- $1.7m went to scams when buying, selling or donating goods online
Vulnerability reporting
Vulnerability reports are an opportunity to prevent a cyber security incident before it occurs.
Vulnerabilities reported to CERT NZ range in severity and complexity.
41 vulnerabilities were reported to CERT NZ in 2022, with 26 being managed under our Coordinated Vulnerability Disclosure (CVD) service.
The CVD policy is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly themselves.
What we've done
Get cyber smart
Cyber Smart Week is CERT NZ’s nationwide campaign. In 2022, we worked with more partners, who helped us reach more New Zealanders than ever before: 514 Cyber Smart partners, a 77% increase on 2021.
International engagement
CERT NZ participated in three international cyber exercises, took part in five international working groups to share best practice, and continued our capacity building work in the Pacific.
Advisories
Advisories are our early warning system for New Zealanders. We triage the incident reports we receive, along with information about international cyber threats, to get timely, actionable advice out to New Zealanders so they can protect themselves online.
In 2022, CERT NZ issued:
- 1 advisory to individuals and businesses
- 6 advisories to IT specialists
Website
339,461 website visits
Our most popular page for IT specialists was the advisories page with 23,408 page views.
For individuals, “Report an issue” was the top page with 39k views.
Our highest performing page for businesses was the “Two steps too easy guide” which received 19,000 views.*
* Numbers have general rounding.