2020 half year summary

What we’ve seen

Incident reports to date

Quarter	Incidents
2020 Qtr 2	1965
2020 Qtr 1	1137
2019 Qtr 4	1197
2019 Qtr 3	1354
2019 Qtr 2	1197
2019 Qtr 1	992
2018 Qtr 4	1333
2018 Qtr 3	870
2018 Qtr 2	736
2018 Qtr 1	506
2017 Qtr 4	377
2017 Qtr 3	390
2017 Qtr 2	364

Incident reports – half year 2020 compared to 2019

42% increase on 2019

CERT NZ experienced a 42% increase in reports during the first six months of 2020, compared to the same period in 2019. Increases were seen in five out of the six months, with nearly double the number of incidents in April 2020 than in April 2019. March was the exception, with slightly fewer reports in March 2020 than in March 2019.

	2019	2020
June	363	606
May	429	539
April	405	820
March	412	381
February	281	310
January	299	446

Top incident categories

Scams and fraud up in Q2

Reports across all incident categories increased in both quarters, but particularly during the Q2 lockdown. Scams around online trading remained high throughout both quarters - a trend likely to continue through Q3 and Q4.

	Phishing and credential harvesting	Scams and fraud	Unauthorised access	Other
2020 June	349	150	46	61
2020 May	256	210	35	38
2020 April	215	524	30	51
2020 March	187	127	36	31
2020 February	196	49	32	33
2020 January	275	92	37	42
2019 December	134	103	34	27
2019 November	186	135	33	41
2019 October	251	163	32	58
2019 September	192	184	41	65
2019 August	205	174	36	65
2019 July	117	192	32	51
2019 June	112	143	46	62
2019 May	132	169	68	60
2019 April	160	146	31	68
2019 March	163	167	30	52
2019 February	119	93	29	40
2019 January	163	65	37	34

Financial loss

$44m financial loss from 2017-2020 year to date.

2020 - $7.8m

2019 - $16.75m

2018 - $14.1m

2017 - $5.35m

Top five sectors by incident report

More reports from tech sector

Reports from the technology sector increased markedly during the April lockdown, suggesting a heightened awareness of cyber threats.

Month	Education and training	Financial and insurance services	Professional, scientific, and technical	Technology
2020 June	5	169	8	56
2020 May	6	98	8	37
2020 April	2	72	7	53
2020 March	4	73	5	14
2020 February	5	141	4	16
2020 January	4	162	3	11
2019 December	3	82	2	2
2019 November	8	106	1	3
2019 October	23	158	1	2
2019 September	25	86	6	10
2019 August	16	43	39	24
2019 July	7	63	3	10
2019 June	6	47	7	15
2019 May	14	47	6	18
2019 April	7	100	5	39
2019 March	7	91	7	8
2019 February	3	60	5	17
2019 January	5	118	4	7

Business vs individual reports

1,170 incident reports from businesses (40.18%)

1,742 incident reports from individuals (59.82%)

What we’ve done

Advisories

Eight advisories issued to individuals, businesses and IT specialists.

Advisories are our early warning system for New Zealanders. They are an important way to get actionable advice out to New Zealanders about the threats they need to respond to, so they can protect themselves against attacks.

Website

116,000 website visits, up 5.26% on Jan – Jun 2019, and 18% on July – Dec 2019.

12 new content pages published, offering practical advice ranging from safe remote working for employers and employees, to secure online transacting for businesses.

Pacific and international engagement

CERT NZ’s active membership of the international cyber security network helps us understand the threat landscape, respond to incidents and build cyber resilience within New Zealand and regionally.

We do this by participating in forums such as the PaCSON and APCERT working groups.

Domestic engagement

New initiative: Webinars

Five national webinars were conducted with chambers of commerce, professional bodies and membership organisations, attracting more than 850 participants.

“The cyber security webinar delivered to our business community by CERT NZ is one of those ‘must attend’ workshops.”