Quarterly reports

CERT NZ provides insights quarterly on the New Zealand threat landscape. The reports provide a snapshot of the types of cyber security threats and incidents that have been reported in the quarter, and an update on our work to protect New Zealanders online.

The latest

April to June 2023

Quarter Two Cyber Security Insights 2023

CERT NZ’s Quarter Two (Q2) Cyber Security insights provide an overview of reports about cyber security incidents impacting New Zealanders from 1 April…

2023

January to March 2023
Quarter One Cyber Security Insights 2023

CERT NZ’s Quarter One (Q1) Cyber Security insights provide an overview of reports about cyber security incidents impacting New Zealanders from 1 Janua…
Read more
2022

2022 Report summary

The CERT NZ 2022 report summary gives an overview of what we’ve seen and done in 2022. It includes key figures about reports, incident types, financia…
Read more

October to December
Quarter Four Cyber Security Insights 2022

CERT NZ’s Quarter Four (Q4) Cyber Security insights provide an overview of reports about cyber security incidents impacting New Zealanders from 1 Octo…
Read more

Quarter Three: Cyber Security Insights 2022

Quarter Two: Cyber Security Insights 2022

Quarter One: Cyber Security Insights 2022
2021

2021 Report Summary

Quarter Four Report 2021

Quarter Three Report 2021

Quarter Two Report 2021

Quarter One Report 2021
2020

2020 Report Summary

Quarter Four Report 2020

Quarter Three Report 2020

Quarter One and Two Report 2020

2020 half year summary
2019

2019 Report Summary

Quarter Four Report 2019

Quarter Three Report 2019

Quarter Two Report 2019

Quarter One Report 2019
2018

2018 Report Summary

Quarter Four Report 2018

Quarter Three Report 2018

Quarter Two Report 2018

Quarter One Report 2018
2017

Quarter Four Report 2017

CERT NZ Quarter Three Report 2017

Quarter Two Report 2017

About our data

Reporting quarters are based on the calendar year, 1 January to 31 December.

We receive reports of incidents from both individuals and organisations. They choose how much or how little they feel comfortable providing, often about very sensitive incidents. We will not share specific details about an incident, without the reporting party's consent.

We aren't always able to verify the information we receive, though we try to, particularly when dealing with significant cyber security incidents.

From 1 July 2020, we’ve made some changes to the way data is collected and structured. These changes have been made to improve the level of detail and reporting produced. It also allows for other data sources to be introduced. The way we collect and use the information provided to us is set out in our privacy and information statement.

From quarter one 2022, the Quarterly Report: Highlights document has been changed to Cyber Security Insights to better reflect the content.

Check out our new website, Own Your Online, for businesses and consumers!

The latest

Quarter Two Cyber Security Insights 2023

Quarter One Cyber Security Insights 2023

2022 Report summary

Quarter Four Cyber Security Insights 2022

About our data