News and events Own Your Online External Link Report an incident
News and events Own Your Online External Link
  1. Welcome to CERT NZ
  2. Insights and research
  3. Quarterly reports
  4. Quarter Three Cyber Security Insights 2024

Quarter Three Cyber Security Insights 2024

The Cyber Security Insights report for quarter three (Q3) provides an overview of cyber security incidents impacting New Zealanders from 1 July – 30 September 2024.

Summary

This quarter, the NCSC responded to 1,905 incident reports about individuals, businesses and organisations from all over Aotearoa, a 58% increase on the previous quarter.

This increase in the number of reports is actually a good thing - we know cybercrime is underreported. When you report to us, you’re helping keep other New Zealanders and NZ businesses more secure online by letting us know what’s going on out there.  So keep those reports rolling in, Aotearoa!

$5.5m million in direct financial loss was reported in Q3, down 19% from Q2 2024. 25% of incidents reported financial loss.

1,905 incidents were reported to the NCSC through its CERT function in Q3 2024, up 58% from Q2 2024.

The biggest increase was in the number of incidents of Unauthorised Access, which went up 80% from Q2 2024.

Incidents of Phishing and Credential Harvesting increased by 70% from 484 in Q2 to 823 in Q3. This remains our most commonly reported category. 

Number of incidents

A total of 1,905 incidents were reported via the CERT NZ reporting tool in Q3 2024.

Q3 Incidents

Breakdown by incident categories

Q3 IncidentsByCategory

Phishing Disruption Service

NCSC’s Phishing Disruption Service (PDS) is a free service that provides a verified list of New Zealand specific phishing indicators that organisations can act on and block from their network. 

When you get a phishing link via text or email, you can forward it to phishpond@ops.cert.govt.nz. The incident response team then analyses the links it receives, also called phishing indicators, and publishes verified ones to the PDS. NCSC’s research team also proactively identifies phishing sites and blocks them before they can be used to target New Zealanders. 

In Q3, NCSC processed  20,524 phishing indicators of which 6,285 were published to the PDS. The industry that was most impersonated by phishing scammers this quarter was postage and shipping services. 

Incidents with potential national significance

The NCSC responds to incidents affecting nationally significant organisations or with potential to cause national harm. We triage these into a scale that considers the organisational impact and the severity of the incident.

In the third quarter of 2024, the NCSC recorded 98 incidents impacting nationally significant organisations.
Of these:
•    31 were triaged as C6 – minor incidents,
•    44 as C5 – routine incidents, 
•    22 as C4 – moderate incidents, and 
•    1 as C3 –  significant incident.

There were no reports of C2 - highly significant incidents, or C1 - national cyber emergency.

Q3 IncidentsNationalSignificance

Subscribe for updates

Sign up to our quarterly newsletter to receive CERT NZ’s reports and updates.

Subscribe External Link

Previous report Quarter Two Cyber Security Insights 2024