What we’ve seen
In 2020, 7,809 incidents were reported to CERT NZ, a 65% increase on 2019. Individuals, small businesses and large organisations from all over New Zealand submitted reports.
Full data for this graph
Top incident categories
The top three incident categories in 2020 are:
- 3,410 phishing and credential harvesting reports, up 76% on 2019
- 1,920 scams and fraud reports, up 11% on 2019
- 1,560 unauthorised access reports, up 2008% on 2019
14% of reports made to CERT NZ had some form of financial loss, with a total value of $16.9 million.
Top types of scams and fraud
Scams and fraud accounted for almost $12 million (69%) of the total financial loss reported in 2020.
Of that loss:
- Almost $5.4 million was lost to unauthorised or falsified money transactions.
- Over $2.4 million was lost to scams when buying, selling or donating goods online.
- Almost $1.5 million was lost to scams about employment and business opportunity offers.
Other scams and fraud $2.5 million.
Vulnerability reports are an opportunity to prevent a cyber security incident before it occurs. Vulnerabilities reported to CERT NZ range in severity and complexity.
55 vulnerabilities were reported to CERT NZ in 2020, with seven being managed under our Coordinated Vulnerability Disclosure (CVD)* service.
*The CVD service is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly. CERT NZ evaluates the scope and severity of the reported vulnerability before making the decision to apply the vulnerability disclosure coordination role.
What we’ve done
Get Cyber Smart
Cyber Smart Week is CERT NZ’s nationwide awareness campaign. In 2020, we worked with more partner organisations to reach more people than ever before – 170 Cyber Smart Partners.
In 2020, we participated in two global cyber exercises which helped us test our ability to respond to cyber security incidents, nationally and internationally.
Advisories are our early warning system for New Zealanders. We triage incident reports we receive, and information about international cyber threats to get timely, actionable advice out to New Zealanders so they can protect themselves online.
In 2020, CERT NZ issued:
- 4 advisories to individuals and businesses
- 14 advisories to IT specialists
Total website visits for 2020 was 278,128, a 34% increase on 2019.
Our most popular page for IT specialists was our advisories page with 47k page views. For businesses and Individuals our top guides were the Top 11 cyber security tips for your business and Use two-factor authentication to protect your accounts.