About our information

Reporting quarters are based on the calendar year, 1 January to 31 December.

Incidents are reported to the NCSC by individuals and organisations using the CERT NZ reporting tool. They choose how much or how little information they are comfortable providing, often about very sensitive incidents.

Sometimes the NCSC may ask for additional information about an incident to gain a better understanding of it, or where we might need to do technical investigations. Before sharing specific details about an incident, the NCSC will seek the reporting party’s consent.

The NCSC is not always able to verify the information we receive, though we endeavour to do so, particularly when dealing with significant cyber security incidents.

All information provided via the CERT NZ reporting tool is treated in accordance with our Privacy and Information Statement as published on our website, and this report is subject to the CERT NZ standard disclaimer.

The sectors we use are based on Stats NZ’s New Zealand Industry Standard Industry Output Categories. 

Age is calculated from the date of birth provided and the date we received the incident report. The ‘reporting by age’ data does not include reported vulnerabilities, as those are from individuals proactively reporting issues, rather than having been affected by them.

Incident categories we use