News and events Own Your Online External Link Report an incident
News and events Own Your Online External Link
  1. Welcome to CERT NZ
  2. Insights and research
  3. Quarterly reports
  4. Quarter Four Cyber Security Insights 2024
  5. Data Landscape: A closer look at our numbers

Data Landscape: A closer look at our numbers

This section provides a standardised set of results, graphs, and an analysis of the latest trends. Analytical comment is provided where meaningful or interesting trends were identified.

If you would like different cuts of the data that are not in this section, please send your request to:

media@ncsc.govt.nz

Incidents and referrals

From 1 October to 31 December 2024, a total of 1,258 incidents were reported to the NCSC through the CERT NZ reporting tool.

Of these:              

  • 703 (56%) were responded to directly by the NCSC
  • 454 (36%) were referred to New Zealand Police
  • 55 (4.4%) were referred to the New Zealand Telecommunications Forum (TCF)
  • 20 (1.6%) were referred to the Department of Internal Affairs (DIA)
  • 17 (1.4%) were referred to the Commerce Commission
  • 5 (<1%) were referred to Consumer Protection NZ
  • 4 (<1%) were referred to the Office of the Privacy Commissioner (OPC) 
inc per q

Breakdown by category

The number of incidents reported in Q4 went down in most categories. We saw a significant decrease in Phishing and Credential Harvesting (54%) from 823 in Q3 to 381 in Q4.

Scams and Fraud overtook Phishing and Credential Harvesting as the top category, while going down from 596 (Q3) to 506 (Q4) - a 15% decrease.

More about the incident categories we use.

inc per cat

Breakdown of Scam and Fraud incidents

Of the incidents responded to the NCSC during Q4 2024, 40% (506) were about Scams and Fraud. Unauthorised Money Transfer increased by 23% from 26 in Q3 to 32 in Q4.

With 256 incidents, Scams while buying, selling or donating goods online accounted for half of Scams and Fraud incidents reported to us in Q4. The number of Extortion or Blackmail Scams went up slightly from 72 to 75. 

snf

Incidents affecting individuals

In Q4 2024, 987 incidents were reported as affecting individuals, with accompanying financial loss of $6.4M.

The largest category affecting individuals this quarter is Scams and Fraud which accounts for nearly half (48%) of the individual reports.

The number of Unauthorised Access reports decreased 30% from 251 in Q3 to 176 in Q4.

indv cat

Incidents affecting organisations

In Q4 2024, 89 (7%) incidents reported to the NCSC specified that they affected organisations.

Phishing and Credential Harvesting continues to be the largest category of incidents reported to us by organisations, accounting for 34% of incidents affecting organisations during Q4 2024. 

org cat

Demographics: Reporting by sector

Financial and Insurance Services was the sector reporting the highest number of incidents.  The number of reports that specified a sector decreased by 27% from 122 in Q3 to 89 in Q4.

sector count

Demographics: Reporting by age

Of the 1258 incidents reported to the NCSC during Q4, 74% of people provided their date of birth.

Reports from those aged 55 made up over one-third (36%) of the incidents in this section. 

inc by age

Impact: Direct Financial Loss

Direct financial losses totalled $6.8 million in Q4 2024, increasing by 24% compared to last quarter.  
There were 405 incidents reported to the NCSC during Q4 2024 that reported a financial loss and indicated the loss amount. This decreased by 14% from last quarter (470).  

impacts

Of the incidents that reported a loss value, 59% (239) were below $500. 17 incidents reported losses of $100,000 and over. This is the largest number of reports with high accompanying loss we have received in a quarter.

Of the 17 incidents responded to during Q4 2024 involving losses of $100,000 or more: 

  • four related to Unauthorised Access,
  • two related to Cryptocurrency Scams,
  • two related to Investment Scams,
  • two related to Unauthorised or Falsified Transfer of Money,
  • one related to a scam due to Job, Business, or Investment Opportunity,
  • one related to a Dating or Romance Scam,
  • one related to a Fake Lottery, Prize or Grant Scam,
  • one related to Buying, Selling or Donating Goods,
  • one related to Asked to pay Money Upfront Scams , and
  • two fell into the Other category. 

Impact: Types of loss

As well as financial loss, the NCSC responded to incidents where other types of loss occurred. 

Financial loss: 405 incidents

This not only includes money lost as a direct result of the incident, but also includes the cost of recovery, for example the cost of contracting IT security services or investing in new security systems following an incident. (Q3 2024: 474). 

Reputational loss: 23 incidents

Damage to the reputation of an individual or organisation as a result of the incident (Q3 2024: 37) 

Data loss: 55 incidents

Loss or unauthorised copying of data, busines­s records, personal records and intellectual property (Q3 2024: 79). 

Technical damage: <10 incidents

Impacts on services like email, phone systems or websites, resulting in disruption to a business or organisation (Q3 2024: <10). 

Operational impacts: 12 incidents

The time, staff and resources spent on recovering from an incident, taking people away from normal business operations (Q3 2024: 18). 

Other: 23 incidents

Includes types of loss not covered in the other categories (Q3 2024: 30). 

Previous section Insights | Hello, this is your bank calling
SEE ALL QUARTELY REPORTS
Top