New Zealanders report almost $17 million in loss due to cyber security incidents

CERT NZ’s latest report, released today, shows a 65% increase in reports of cyber security incidents over the past year, with an associated $16.9 million in direct financial losses.

24 March 2021

CERT NZ’s latest report, released today, shows a 65% increase in reports of cyber security incidents over the past year, with an associated $16.9 million in direct financial losses.

In 2020 CERT NZ, the government agency which supports organisations and individuals affected by cyber security incidents, received 7,809 reports of cyber security incidents affecting New Zealanders, a significant uplift from the 4,740 reports made in 2019.

“More Kiwis spent time online last year, due to the impacts of COVID-19, presenting many opportunities for cyber attackers,” says CERT NZ Director, Rob Pope.

Phishing and credential harvesting, where an attacker collects personal data to perform an array of online crimes like fraud, was the most reported form of attack during 2020. These types of incidents were up 76% on 2019, accounting for 41% of all reports made.

“Unfortunately, these figures are not surprising. Cyber attackers are opportunistic and use anything topical as a hook to try and trick people into sharing personal or financial details,” says Mr Pope.

The amount of money Kiwis are losing to cyber security incidents is also on the rise. In 2020, cyber security incidents left New Zealanders $16.9 million dollars out of pocket, the highest annual figure recorded by CERT NZ since it launched in 2017. In total, $53 million dollars of direct financial loss has been reported to CERT NZ since reporting began.

“Most cyber attacks are financially motivated. However, our figures do not paint the full picture of the types of loss Kiwis have experienced,” says Mr Pope.

CERT NZ figures show 14% of cyber security incidents reported in 2020 were associated with some type of loss including financial, operational, reputational or data.

“From a financial perspective, the impacts of a cyber attack can snowball. A business may lose revenue because its website has gone down, meaning it’s unable to trade online. This greatly impacts individuals’ livelihoods and therefore has a knock-on effect on the economy.

“Businesses also incur additional costs recovering from a cyber incident, like hiring IT professionals to mitigate any further security issues, which can take months or even years to fully restore. This can result in loss of customer trust.

“For an individual, there can be serious ramifications if their personal data has been stolen and used to conduct online fraud. As well as having to obtain new personal identification documents, they could experience a detrimental effect on their credit rating making it difficult to secure a mortgage or financial loan.

“While the effects of a cyber security incident can be devastating, it may have been possible to avoid these significant losses by taking some simple steps.

“This includes taking measures like good password practice, implementing two-factor authentication as an extra layer of security on logins, making sure software on devices are up-to-date, regularly backing up data, and thinking about  how and where you share personal information.”

CERT NZ provides actionable and easy-to-follow information online to help Kiwis get started. 

Top 11 tips for cyber security 

For more insights into what CERT NZ has seen in the New Zealand threat landscape in 2020.

CERT NZ 2020 summary