2022 Report summary

The CERT NZ 2022 report summary gives an overview of what we’ve seen and done in 2022. It includes key figures about reports, incident types, financial loss, and vulnerabilities. It also captures a few of the highlights of what we've been doing to help improve cyber security in New Zealand.

What we’ve seen

Reported incidents and associated financial loss

In 2022, 8,160 incidents were reported to CERT NZ, an 8% decrease from 2021. Individuals, small businesses and large organisations from all over New Zealand submitted incident reports.

22% of incidents reported to CERT NZ included some form of financial loss, with a combined total loss of $20.0million.

Top incident categories

The top three incident categories changed in 2022, with ‘Unauthorised Access’ now being the third highest reported incident.

Top types of scams and fraud

Scams and fraud accounted for almost $17.1 million (86% of overall direct financial loss) in 2022. Of that loss:

  • $5.9m went to scams involving unauthorised money transfer
  • $3.3m went to scams involving dating or romance
  • $3.1m went to scams involving new job or business opportunity offers
  • $1.8m went to cryptocurrency investment scams
  • $1.7m went to scams when buying, selling or donating goods online

Vulnerability reporting

Vulnerability reports are an opportunity to prevent a cyber security incident before it occurs.

Vulnerabilities reported to CERT NZ range in severity and complexity.

41 vulnerabilities were reported to CERT NZ in 2022, with 26 being managed under our Coordinated Vulnerability Disclosure (CVD) service.

The CVD policy is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly themselves.

What we've done