Payment Security 101
Learn about payment fraud and how to prevent it
- Why Eftsure?
-
-
Why Eftsure?
-
Why customers use Eftsure
-
-
- Platform
-
-
Features
-
-
-
- Solutions
-
-
By role
-
-
- Resources
-
-
Learn
-
Company
-
-
Updated
Latest Cyber Crime Statistics in New Zealand 2023
Niek Dekker
Published : 07 February 2023
As the threat of cybercrime continues to escalate in Aotearoa, or New Zealand, greater awareness and preventative measures are crucial. According to the latest Cyber Security Insights 2022, CertNZ recorded an average of 2,166 reported cyber security incidents per quarter, averaging a loss of NZ$4.5 million per quarter.
This is alarming for both individuals and businesses. With a marked increase in cyber-crime reports, the problem appears to be getting worse.
As an executive, you understand the potential for cyber attacks to hurt your business, whether financial losses, reputational damage or data theft. To mitigate those risks, you’ll need a robust cyber-crime strategy, including training to educate your employees on best practices.
In our cyber crime statistics below, we delve into the current state of cyber crime in New Zealand, along with cyber-criminals’ most common tactics. By staying informed on the latest trends and statistics, you can equip your business with the necessary tools to protect against potential cyber threats.
Author’s Top Picks
- CERT NZ’s latest annual summary shows that financial losses jumped up 19% to $20 million in Q3 of 2022.
- Phishing and credential harvesting are the biggest loss in the cyber incident category with 924 reports out of 2069 total reports in Q3 2022.
- IDCARE has seen a 40% increase in people seeking assistance for identity theft in the first five months of 2022.
- Auckland remains the most targeted region for cyber-attacks, with 403 reported incidents in Q4 2022.
- The financial and insurance services sector reported that over 80% of their cybersecurity incidents are related to phishing and credential harvesting.
Cybercrime Statistics
1. CERT NZ’s latest annual summary shows that financial losses jumped up 19% to $20 million in Q3 of 2022.
The cybersecurity government body CERT NZ reported 8,160 cybersecurity incidents in 2022. This included individuals, small-to-medium enterprises (SMEs) and large organisations from all over New Zealand. While financial losses have grown exponentially over time from 2017, the number of reported incidents has slowly decreased since 2021.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-1
2. Phishing and credential harvesting are the biggest loss in the cyber incident category with 924 reports out of 2069 total reports in Q3 2022.
Phishing and credential harvesting have become the biggest loss for cybersecurity incidents in New Zealand due to several factors. One of the reasons is the increasing reliance on technology for business operations since the COVID-19 pandemic. This has led to a larger attack surface for cybercriminals to exploit, often using phishing techniques to gain unauthorised access to sensitive information.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-2
3. In 2022, 22% of incidents were reported to CERT NZ, which saw a total financial loss of $20 million.
Scams and fraud accounted for almost $17.1 million (86%) of the overall direct financial loss in 2022. This is further broken down where $5.9 million went to scams involving unauthorised money transfers, $3.3 million went to dating or romance-related scams and $3.1 million went to scams involving a new job or business opportunity offer.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-3
4. In Aotearoa, there has been a 150% increase in ransomware in the second quarter of 2021 compared to the previous quarter.
According to cyber-crime reports, ransomware is becoming more common around the world, impacting New Zealand, Australia and the United States all at the same time. Some of the most well-known ransomware strains include Bad Rabbit, CryptoLocker, Jigsaw and Ryuk. Generally, a ransomware attack occurs when the cyber-criminal encrypts a targeted individual’s computer and demands a ransom to be paid to recover their files.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-4
5. As of 30 June 2022, the National Cyber Security Centre (NCSC) recorded 350 cybersecurity incidents affecting nationally significant organisations, a decrease compared to the previous year (404 incidents).
Lisa Fong, NCSC Deputy Director-General says, “It is likely that the Russian invasion of Ukraine has meant both criminal actors from the region, and other significant global threat actors are more focused elsewhere than on activities that have previously impacted New Zealand.”
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-5
6. Organisations that were hit the hardest were the financial and insurance services leading by 43 reports out of 134 total cybercrime reports. Followed by professional, scientific and technical 13 reports.
It’s no surprise to see that the financial and insurance services industry is the most targeted by cyber-criminals. These industries deal with large amounts of sensitive and valuable information such as credit card details, email addresses, names, and other financial records. Cyber-criminals find this type of information highly lucrative and profitable for identity theft and other illegal activities that can be used for financial gain.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-6
7. The most significant common vulnerabilities and exposure (CVEs) disclosed in 2021/2022 was the Apache Log4j vulnerability.
Apache Log4j is a popular open-source logging framework used by developers to generate log files in Java-based applications. According to the Cyber Threat Report 2021/2022, NCSC discovered a vulnerability issue in Log4j which left global networks vulnerable to malicious cyber actors remotely accessing systems, stealing confidential information and more.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-7
8. IDCARE has seen a 40% increase in people seeking assistance for identity theft in the first five months of 2022.
IDCARE is a not-for-profit organisation that looks after Aussies and Kiwis, providing free and confidential support to individuals who have experienced identity theft or cyber-related crimes. If you fall victim, IDCARE can assist you with personalised support and advice on recovering your identity and developing an identity recovery plan, as well as offer advice on any associated risks.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-8
9. According to Dual Cyber, more than 50% of NZ small-to-medium enterprises (SMEs) experience cybersecurity attacks at least once a year.
One of the reasons why SMEs fall victim to cyber-crime is the lack of resources. SMEs often have limited resources for cybersecurity measures and may not have the budget to invest in robust security software or hire dedicated security personnel. However, there are other ways of mitigating risk, like implementing multi factor authentication (MFA) methods of encrypting sensitive information.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-9
10. According to the NZ Law Society, fewer than 10% of businesses in New Zealand have cyber insurance.
New Zealand is a growing target for cyber-criminals. With more Kiwi businesses falling victim to phishing, credential harvesting, scams and unauthorised access attempts, cyber insurance premiums are increasing. Senior Broker Anna Parker from Frank Risk Management comments that businesses need to be careful about their insurance covers, as each insurer may or may not cover the full amount of cyber attacks.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-10
11. Auckland remains the most targeted region for cyber-attacks, with 403 reported incidents in Q4 2022.
Auckland is the largest city in New Zealand and has a high concentration of businesses, government agencies and other organisations. This may be one of the reasons why it’s an attractive target for cybercriminals who seek to steal or reveal sensitive data. CERT NZ also states that Auckland has had the highest financial loss to online scams and fraud from June 2019-2020 with a total loss of $5.4 million.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-11
Business Email Compromise Statistics
12. Out of 1,757 incident reports received by CERT NZ, unauthorised access ranks number three in the breakdown by incident category with 178 recorded reports.
While business email compromise (BEC) scams and unauthorised access are different types of cyber threats, they can both be used in a cyber attack. For example, a cybercriminal may use unauthorised access to gain access to an email account of an employee or executive, which they can then use to launch a BEC attack. They could send an internal email impersonating the CEO to deceive employees into committing fraudulent activities.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-12
13. In 2020, the Financial Markets Authority (FMA) issued 61 warnings about investment scams of which 35% were imposter scams using legitimate businesses to deceive investors.
Imposter scams or impersonation scams are a type of BEC attack. Imposter scams involve a cyber-criminal impersonating a trusted individual or organisation, such as a senior executive or supplier. This allows criminals to trick targeted individuals into transferring money or providing credentials to gain access to accounts to reveal information.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-13
14. There has been an 81% increase in business email compromise (BEC) attacks between the first and second half of 2022.
According to abnormal security, the average cost of a BEC attack in 2021 was around $120,000, while 35% of cyber-crime losses stem from BEC. Crane Hassold, director of threat intelligence at Abornal Security noted that “any time an employee has to assess whether an email is malicious, [it’s] an opportunity for them to make a mistake”.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-14
15. The most commonly used communication methods by scammers to deceive businesses were email (41%), followed by social media (26%) and over the phone (24%).
Email is the most used communication method due to several reasons. One of them is anonymity. Email allows criminals to remain anonymous or use fake identities, making it easier for them to avoid detection and impersonate trusted brands or individuals. If you are looking to secure your email security, check out our email security best practices.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-15
16. Only 2.1% of all known BEC attacks are reported to their employers, with a massive 98% left unreported in 2022.
It’s important to increase awareness of BEC attacks in the workplace. Many employees may not be aware of what a BEC attack is or how to recognise one. It’s important to promote a cybersecurity culture that recognises the risks of such attacks and empowers employees to put their hands up when something doesn’t seem right.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-16
17. 101% more BEC scams have hit New Zealand businesses between July and September of 2020.
Businesses that are looking to mitigate the risk of a BEC attack can do so on the CERT NZ website. CERT NZ provides solutions around keeping software up to date, deploying complex passwords and adopting antivirus software to combat the threat of BEC attacks.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-17
Business Identity Theft Statistics
18. In 2020, a report found one in five New Zealand adults surveyed said they experienced identity theft, which is 16% of over 193,000 Kiwis.
Identity theft is a type of cyber-crime where malicious actors steal an individual’s personal information such as their name, address and financial information to commit fraud or illegal activities. The consequence of identity theft can be severe to organisations, including financial loss, reputational damage and loss of customer trust.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-18
19. According to the Department of Internal Affairs, as many as 133,000 Kiwis are victims of identity theft annually. That represents a $209 million loss on the economy.
Cyber-crime statistics show that the most commonly compromised information in New Zealand is identity documents. Passports are on top of the list, with 21.2% of NZ cases handled by IDCARE involving stolen passport numbers. This is followed by the driver’s licence category at 19.7%. Individuals and businesses are not doing enough to mitigate the risk of identity theft, we cover the 7 steps that you can take to act now.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-19
20. David Lacey, the director of IDCAR, said that 22% of identity scams are carried out by phone.
Cyber-criminals are using phone calls to carry out identity theft scams by impersonating trusted companies like your bank or email software provider. In some cases, they may get you to reveal your information by pressuring victims. They may claim that there is an urgent issue with the victim’s account or that they need to verify your account to prevent fraud.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-20
21. 81% of New Zealanders surveyed admit they are unsure of how to check if their identity has ever been stolen.
For individuals, you can monitor your credit reports and bank and credit card statements for suspicious activity. You can contact IDCARE for more assistance if you suspect your identity has been stolen. For organisations, you should consult your IT teams for any signs of unauthorised access or unusual activity.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-21
22. Only 23% of respondents believe identity fraud to be a problem for their business, yet 61% thought it was a major issue in general.
Not all New Zealand businesses are doing enough to mitigate their risk of cyber-crime. But it’s the responsibility of every business to adopt best practices for protecting their data and systems, especially since vulnerabilities in one organisation can impact every other organisation in a supply chain or network.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-22
Phishing Statistics
23. Phishing and credential harvesting continue to be the largest category of incidents affecting organisations reported by CERT NZ, accounting for 86 incidents (49%) during Q4 2022.
Phishing attacks typically involve sending fraudulent emails or messages that appear to be from a legitimate source but contain links to fake websites or attachments that contain malicious software (malware). Phishing is a type of social engineering tactic commonly used by cybercriminals. Other than phishing, individuals and businesses may also fall victim to baiting, scareware or pretexting.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-23
24. The financial and insurance services sector reported that over 80% of their cybersecurity incidents are related to phishing and credential harvesting.
One way cyber-criminals use phishing is by creating look-a-like email addresses that appear to be from a colleague or supplier. This could contain links to a fake invoice or requests to provide information. Fake emails are low-cost and effective for criminals.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-24
25. The NCSC reported that phishing (4%) was one of the most recorded MITRE ATT&CK tactics and techniques observed in 2021/2022.
MITRE adversarial tactics, techniques and common knowledge (ATT&CK) framework is a curated knowledge base and model for cyber adversary behaviour. By mapping recorded incidents to MITRE ATT&CK, the NCSC gained insight that the most commonly recorded known method of gaining access to a network was by exploiting a public-facing application.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-25
26. According to a KPMG test of New Zealand businesses, 1009 individuals (12.1%) failed the test by clicking on a web link in the email and 702 (8.4%) entered their password into the website.
It can be relatively easy for criminals to deceive your employees into clicking on a phishing link, especially if the email or message appears to be a trusted source. To mitigate this risk, you must verify the authenticity of the sender before entering any information or clicking on any links/attachments.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-26
Ransomware Statistics
27. As of Q4 2022, ransomware statistics spiked which resulted in a total of 36 reported incidents. Compared to Q3 2022 6 reported incidents.
Ransomware is a destructive attack for organisations, particularly because it locks down the victim’s computer systems, making them inaccessible until a ransom is paid to the attacker. This can cause major disruption in business operations, loss of revenue, decreased productivity and more.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-27
28. Two-thirds of 55% of New Zealand businesses said they were able to resolve a ransomware attack before significant damage was done.
When it comes to ransomware attacks, the reality is that it’s difficult to accurately determine the number of businesses that have been targeted and the full extent of the damages caused. This underscores the considerable difficulties faced by businesses, cybersecurity experts and government officials in grappling with the consequences of cyber-crime in the country.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-28
29. Rental, hiring and real estate services were impacted by ransomware attacks (50%) the most compared to other industries. This was followed by wholesale trade and the professional services sector.
CERT NZ reports that at least 65% of cybersecurity incidents could have been prevented by two-factor authentication (2FA). You can incorporate 2FA by creating a strong and unique password that involves special characters, letters and words, as well as another method of authentication such as text message or email.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-29
30. The most commonly recorded known method of gaining initial access to a network was by compromising infrastructure via a botnet (11%).
Botnets are often created by infecting large numbers of computers with malware, which allows the attacker to control the targeted computers remotely and use them for various activities. This might include sending spam or launching a denial-of-service (DDoS) attack. The botnet is used to distribute malware to carry out a ransomware attack.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-30
31. According to ransomware statistics, 110 incidents of ransomware accounted for 27% of all cybercrime incidents, a 14% increase year on year.
According to the NCSC, their ability to detect and prevent cyber-attacks has resulted in avoiding or minimising damages worth NZ$119 million for critical organisations in NZ over the past year. They attribute much of their success to the Malware Free Networks service, which involves sharing threat intelligence with partners including internet service providers.
Copy link
https://eftsure.com/en-nz/statistics/cyber-crime-statistics/#section-31
Sources
- CERT NZ
- Insurance Council of New Zealand
- National Cyber Security Centre
- National Cyber Security Centre
- Radio New Zealand
- Dual Cyber
- New Zealand Law Society
- Financial Markets Authority NZ
- Human Resources Director (HRD) NZ
- PYMNTS
- IT Brief New Zealand
- Newsrooms
- Security Brief New Zealand
- New Zealand Management
- KPMG
- The Spin Off
- Portswigger
