What we’ve seen
Reported incidents and associated financial loss
In 2022, 8,160 incidents were reported to CERT NZ, an 8% decrease from 2021. Individuals, small businesses and large organisations from all over New Zealand submitted incident reports.
22% of incidents reported to CERT NZ included some form of financial loss, with a combined total loss of $20.0million.
Top incident categories
The top three incident categories changed in 2022, with ‘Unauthorised Access’ now being the third highest reported incident.
Top types of scams and fraud
Scams and fraud accounted for almost $17.1 million (86% of overall direct financial loss) in 2022. Of that loss:
- $5.9m went to scams involving unauthorised money transfer
- $3.3m went to scams involving dating or romance
- $3.1m went to scams involving new job or business opportunity offers
- $1.8m went to cryptocurrency investment scams
- $1.7m went to scams when buying, selling or donating goods online
Vulnerability reports are an opportunity to prevent a cyber security incident before it occurs.
Vulnerabilities reported to CERT NZ range in severity and complexity.
41 vulnerabilities were reported to CERT NZ in 2022, with 26 being managed under our Coordinated Vulnerability Disclosure (CVD) service.
The CVD policy is used when the person reporting the vulnerability doesn’t want, or has been unable, to contact the vendor directly themselves.