2019 Report Summary

The CERT NZ 2019 summary gives an overview of what we’ve seen and done in 2019. It includes key figures about reports, incident types, financial loss, and vulnerabilities. It also highlights what we've been doing to improve cyber security in New Zealand.

What we’ve seen

Reported incidents

In 2019, 4740 incidents were reported to CERT NZ, a 38% increase on 2018. Individuals, small businesses and large organisations from all over New Zealand submitted reports.

Top incident categories

The top three incident categories in 2019 remain the same as those in 2018:

  • 1,934 phishing and credential harvesting reports, up 25% on 2018
  • 1,734 scams and fraud reports, up 53% on 2018
  • 449 unauthorised access reports, up 48% on 2018

Financial loss

15% of reports made to CERT NZ had some form of financial loss, with a total value of $16.7 million.

Top types of scams and fraud

Scams and fraud accounted for $14.5 million (87%) of the total financial loss reported in 2019. 

Of that loss:

  • Almost $5 million was lost to unauthorised or falsified money transactions.
  • Over $4 million was lost to scams when buying, selling or donating goods online.
  • Almost $3.6 million was lost when asked to pay money upfront (e.g. invoice scam).

Vulnerability reporting

Vulnerability reports are an opportunity to prevent a cyber security incident before it occurs. Vulnerabilities reported to CERT NZ range in severity and complexity.

60 vulnerabilities were reported to CERT NZ in 2019, with 20 being managed under our Coordinated Vulnerability Disclosure (CVD) service. The CVD policy is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly themselves.


What we’ve done

Global CERTs

We worked with over 40 foreign CERTs and international partner organisations. These include AP CERT and ACSC; alongside others from further afield such as KZ-CERT, CERT-EE, and CERT Tonga.

Get Cyber Smart

Cyber Smart Week is CERT NZ’s primary outreach platform. In 2019 we had 122 partner organisations on board, who helped us reach more Kiwis than ever before. This is 28% up on 2018.


Advisories are our early warning system for New Zealanders. We triage incident reports we receive, and information about international cyber threats to get timely, actionable advice out to New Zealanders so they can protect themselves online. In 2019, CERT NZ issued:

  • 5 advisories to individuals and businesses
  • 9 advisories IT specialists 

Subscribe to our advisories

CERT NZ website 

Our website is the central place for reporting incidents and accessing our information and resources.

In 2019 we had over 208,000 website visits, up 45% on 2018.

The most popular page for IT specialists was our advisories page, with 38,000 page views.

For businesses and individuals our top guides were our ‘Top 11 cyber security tips for your business’ and ‘Keep your data safe with a password manager’.