What we’ve seen
In 2021, 8,831 incidents were reported to CERT NZ, a 13% increase on 2020. Individuals, small businesses and large organisations from all over New Zealand submitted incident reports.
Top incident categories
The top three incident categories in 2021 are:
- 3,709 phishing and credential harvesting, up 9% on 2020
- 1,930 malware reports, up 24% on 2020
- 1,897 scams and fraud reports, down 1% on 2020
15% of incidents reported to CERT NZ included direct financial loss, with a combined total value of $16.8 million.
Top types of scams and fraud
Scams and fraud accounted for almost $11.9 million (71%) of the total financial loss reported in 2021.
Of that loss:
- Almost $3.9 million was lost to scams when buying, selling or donating goods online.
- Over $2.1 million was lost to scams about employment and business opportunity offers.
- Over $2 million was lost to unauthorised or falsified money transactions.
- Other scams and fraud $3.9 million.
Vulnerability reports are an opportunity to prevent a cyber security incident before it occurs. Vulnerabilities reported to CERT NZ range in severity and complexity.
64 vulnerabilities were reported to CERT NZ in 2021, with 27 being managed under our Coordinated Vulnerability Disclosure (CVD)* service.
*The CVD service is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly. CERT NZ evaluates the scope and severity of the reported vulnerability before making the decision to apply the vulnerability disclosure coordination role.
What we’ve done
Get Cyber Smart
Cyber Smart Week is CERT NZ’s nationwide awareness campaign. In 2021, we worked with more partner organisations to reach more people than ever before – 290 Cyber Smart Partners.
In 2021, CERT NZ was a key part of four international working groups sharing best practice and improving our ability to understand and respond to cyber security risks, including the COVID-19 vaccine roll out.
Advisories are our early warning system for New Zealanders. We triage incident reports we receive, and information about international cyber threats to get timely, actionable advice out to New Zealanders so they can protect themselves online.
In 2021, CERT NZ issued:
- 9 advisories to individuals and businesses
- 23 advisories to IT specialists
Total website visits for 2021 was 374,589.
Our most popular page for IT specialists was our advisories page. For individuals, our Report an Issue was the top page and for businesses it was Protecting from ransomware guide.