2020 Report Summary

The CERT NZ 2020 summary gives an overview of what we’ve seen and done in 2020. It includes key figures about reports, incident types, financial loss, and vulnerabilities. It also captures a few of the highlights of what we've been doing to help improve cyber security in New Zealand.

What we’ve seen

Reported incidents

In 2020, 7,809 incidents were reported to CERT NZ, a 65% increase on 2019. Individuals, small businesses and large organisations from all over New Zealand submitted reports.

Full data for this graph

2017: 1,131

2018: 3,445

2019: 4,740

2020: 7,809

Top incident categories

The top three incident categories in 2020 are:

  • 3,410 phishing and credential harvesting reports, up 76% on 2019
  • 1,920 scams and fraud reports, up 11% on 2019
  • 1,560 malware reports, up 2008% on 2019

Financial loss

14% of reports made to CERT NZ had some form of financial loss, with a total value of $16.9 million.

CERT NZ 2017 to 2020 direct financial loss increases

Top types of scams and fraud

12 million dollars was lost to scams and fraud in 2020

Scams and fraud accounted for almost $12 million (69%) of the total financial loss reported in 2020.

Of that loss:

  • Almost $5.4 million was lost to unauthorised or falsified money transactions.
  • Over $2.4 million was lost to scams when buying, selling or donating goods online.
  • Almost $1.5 million was lost to scams about employment and business opportunity offers.
  • Other scams and fraud $2.5 million.

Vulnerability reporting

Vulnerability reports are an opportunity to prevent a cyber security incident before it occurs. Vulnerabilities reported to CERT NZ range in severity and complexity.

55 vulnerabilities were reported to CERT NZ in 2020, with seven being managed under our Coordinated Vulnerability Disclosure (CVD)* service.

*The CVD service is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly. CERT NZ evaluates the scope and severity of the reported vulnerability before making the decision to apply the vulnerability disclosure coordination role.

What we’ve done

Get Cyber Smart

Cyber Smart Week is CERT NZ’s nationwide awareness campaign. In 2020, we worked with more partner organisations to reach more people than ever before – 170 Cyber Smart Partners.

Global exercises

In 2020, we participated in two global cyber exercises which helped us test our ability to respond to cyber security incidents, nationally and internationally.


Advisories are our early warning system for  New Zealanders. We triage incident reports we receive, and information about international cyber threats to get timely, actionable advice out to New Zealanders so they can protect themselves online.

In 2020, CERT NZ issued:

  • 4 advisories to individuals and businesses
  • 14 advisories to IT specialists


Total website visits for 2020 was 278,128, a 34% increase on 2019.

Our most popular page for IT specialists was our advisories page with 47k page views. For businesses and Individuals our top guides were the Top 11 cyber security tips for your business and Use two-factor authentication to protect your accounts.