Data Landscape: A closer look at our numbers

Incidents and referrals

Between 1 January and 31 March 2025, a total of 1,292 incidents were handled through the NCSC's general triage process.

Of these:
• 669 were responded to directly by NCSC
• 472 were referred to New Zealand Police
• 81 were referred to the New Zealand Telecommunications Forum (TCF)
• 74 were referred to the Department of Internal Affairs (DIA)
• 10 were referred to the Commerce Commission
• 5 were referred to Consumer Protection NZ
• 3 were referred to the Office of the Privacy Commissioner (OPC)
• 3 were referred to the Financial Markets Authority (FMA)
• 2 were referred to the Domain Name Commission (DNC)

The NCSC may refer a single incident to multiple agencies. As such, the above referral numbers may not sum to the total incident count.

YEAR	QUARTER	INCIDENTS
2025	1	1,292
2024	4	1,258
2024	3	1,905
2024	2	1,203
2024	1	1,537
2023	4	1,903
2023	3	2,136
2023	2	1,950

Breakdown by category

Most categories reported haven't seen significant change from Q4 to Q1. In Q4, Scams and Fraud became the most common incident category for the first time since 2020, and continues to be the most common in Q1. We saw significant increases in Phishing and Credential Harvesting, going from 381 in Q4 to 440 in Q1 (15% increase). Website Compromise reports halved from 46 in Q4 to 23 in Q1.

We define all the incident categories in the appendix of this report - more about the incident categories we use.

Incident category	Number of incidents
Scams and fraud	486
Phishing and credential harvesting	440
Unauthorised access	228
Other	87
Website compromise	23
Malware	12
Ransomware	10
C and C server hosting	2
Denial of Service	2
Suspicious network traffic	2

Breakdown of Scam and Fraud incidents

Scams and fraud usually rely on deceiving people, rather than gaining access to a system. Of the incidents responded to NCSC during Q1 2024, 486 (38%) were about Scams and Fraud. This incident category consistently features in the top three reported but is the most common category for Q1.

During Q1, NCSC received 208 reports on scams involving Buying, Selling or Donating Goods, a 19% decrease from 256 in Q4. Incidents relating to Extortion increased from 75 in Q4 to 80 in Q1 (7% increase), many of these relating to the mass email campaigns discussed last quarter. Dating and Romance scams increased from last quarter, from 28 to 34 (21% increase).

Breakdown of scam and fraud categories

Incident category	Incident count
Buying, selling or donating goods	208
Extortion/blackmail scam	80
A new job or business opportunity offer	55
Unauthorised money transfer	41
Dating or romance scam	34
Asked to pay money upfront	15
Investment scams	12
Fake government services scam	11
Scam phone calls	11
Buying, selling or donating service	6
Cryptocurrency investment	6
Fake lottery, prize or grant scam	4
Tech scam phone calls	3

Incidents affecting individuals

In Q1 2025, 1,050 (81%) incidents were reported as affecting individuals.

The largest category affecting individuals this quarter is Scams and Fraud, which accounts for nearly half (41%) of the individual reports. The number of Unauthorised Access incidents reported by individuals increased from 176 in Q4 to 204 in Q1 (16% increase).

Breakdown of incidents affecting individuals

Incident category	Number of incidents
Scams and fraud	431
Phishing and credential harvesting	343
Unauthorised access	204
Other	56
Malware	8
Ransomware	3
Suspicious network traffic	2
Website compromise	2
C and C server hosting	1

Incidents affecting organisations

In Q1 2025, 97 (7%) incidents triaged by the NCSC for general support specified that they affected organisations.

Phishing and Credential Harvesting continues to be the largest category of incidents reported to us by organisations, accounting for 60% of incidents affecting organisations during Q1 2025. Scams and Fraud reported by organisations increased this quarter from 18 in Q4 to 28 Q1 (56% increase).

Breakdown of incidents affecting organisations

INCIDENT CATEGORY	NUMBER OF INCIDENTS
Phishing and credential harvesting	36
Scams and Fraud	28
Unauthorised Access	13
Other	10
Ransomware	4
Website compromise	3
Denial of service	1
Malware	1

Demographics: Reporting by sector

Professional, Scientific and Technical is the most commonly reported sector this quarter. The number of reports that provided a sector made up 7% of incidents this quarter.

Reports by sector

SECTOR	NUMBER OF REPORTS
Professional, Scientific, and Technical	17
Agriculture, Forestry and Fishing	10
Retail Trade and Accommodation	10
Arts, Recreation and Other Services	9
Manufacturing	8
Transport, Postal and Warehousing	7
Wholesale Trade	6
Construction	5
Education and Training	5
Technology	5
Rental, Hiring and Real Estate Services	4
Financial and Insurance Services	3
Health Care and Social Assistance	3
Media and Telecommunications	3
Public Administration and Safety	1

Demographics: Reporting by age

Of the 1,292 incidents reported to the NCSC during Q1, 922 (71%) provided their date of birth.

Reporters 45 and over collectively reported 51% of reports that included an age while only accounting for 32% of the loss for such reports. Meanwhile, reporters between 35 and 44 represented 21% of incidents that provided an age but a combined loss of $4.4M (61% of loss for reporters that provided an age).

age band	Number of reports
Under 18	15
18 to 24	82
25 to 34	155
35 to 44	197
45 to 54	173
55 to 64	140
65 and over	160

Incidents affecting individuals – Financial loss by age

age band	Number of reports
Under 18	10,000
18 to 24	30,000
25 to 34	410,000
35 to 44	4,360,000
45 to 54	270,00
55 to 64	840,00
65 and over	1,180,000

Impact: Direct Financial Loss

Direct financial losses totalled $7.8 million in Q1 2025, increasing by 14% compared to last quarter.

There were 366 incidents reported to the NCSC during Q1 2025 that reported a financial loss and specified the loss amount, this decreased by 10% from last quarter (405).

10 incidents reported losses of $100,000 and over. While this number has decreased since last quarter, the total loss amount has still increased.
Of the 10 incidents responded to during Q1 2025 involving losses of $100,000 or more:

five were related to Unauthorised or Falsified Transfer of Money,
two were related to Unauthorised Access,
one was related to Cryptocurrency Scams,
one was related to a Dating or Romance Scam,
one was related to Buying, Selling or Donating Goods.

Direct financial loss per quarter

YEAR	QUARTER	loss value
2023	2	$4.2M
2023	3	$4.7M
2023	4	$3.6M
2024	1	$6.6M
2024	2	$6.8M
2024	3	$5.5M
2024	4	$6.8M
2025	1	$7.8M

Direct financial loss breakdown:

The most common loss value reported sat between $100 to $499. Incidents $10,000 and over made up $7.4M (95%) of reported loss despite consisting of only 44 incidents.

Finacial loss	Incidents
1 to 99	79
100 to 499	118
500 to 999	31
1,000 to 9,999	77
10,000 to 99,999	34
100,000 and over	10

Impact: Types of loss

As well as financial loss, the NCSC responded to incidents where other types of loss occurred.

Financial loss: 366 incidents

This includes not only money lost as a direct result of the incident, but also the cost of recovery - for example the cost of contracting IT security services or investing in new security systems following an incident. (Q4 2024: 405).

Reputational loss: 29 incidents

Damage to the reputation of an individual or organisation as a result of the incident (Q4 2024: 23)

Data loss: 73 incidents

Loss or unauthorised copying of data, business records, personal records and intellectual property (Q4 2024: 55).

Technical damage: <10 incidents

Impacts on services like email, phone systems or websites, resulting in disruption to a business or organisation (Q4 2024: <10).

Operational impacts: 19 incidents

The time, staff and resources spent on recovering from an incident, taking people away from normal business operations (Q4 2024: 12).

Other: 28 incidents

Includes types of loss not covered in the other categories (Q4 2024: 23).

About our information

Incident categories