The National Cyber Security Centre (NCSC) has reported a significant increase in cyber incidents across New Zealand in its Q3 2024 Cyber Security Insights Report.
The number of incidents rose 58% compared to the previous quarter, with phishing and unauthorised access accounting for the largest spikes.
According to the report, 1,905 incidents were recorded between July and September 2024, up from 1,208 in Q2. While overall financial losses decreased to $5.5 million – down 19% from the prior quarter – a quarter of all reported cases involved monetary loss.
The report highlighted an 80% surge in unauthorised access incidents, signalling growing challenges in securing digital accounts and systems.
Phishing and credential harvesting remain the leading types of cyber threats, making up nearly half of all reported incidents.
Cases of phishing increased 70% to 823 incidents in Q3, underlining the continued effectiveness of this method in allowing cybercriminals access to sensitive data.
Michael Jagusch, the NCSC’s director of mission enablement, explained that once attacks gain access to systems or accounts, they may steal information or prepare for more damaging attacks.
“Unauthorised access means the attackers are inside your systems or accounts and are potentially stealing information, moving your money around, or even preparing for a larger and more devastating attack. By the time these incidents are discovered, it’s often too late,” he said.
To reduce these risks, Jagusch advised businesses and individuals to use multi-factor authentication (MFA) and strong, unique passwords.
A separate study by cloud services provider Fastly Inc has found that organisations in Australia and New Zealand (ANZ) are taking longer to recover from cybersecurity incidents than expected.
The findings showed that recovery times in the region now average seven months, exceeding the anticipated 5.9-month timeline by 19%.
The survey, conducted in September 2024 by Sapio Research, included responses from 200 IT leaders across ANZ. It revealed that businesses that reduced their cybersecurity budgets faced more frequent breaches – averaging 31 incidents annually – and experienced extended recovery periods.
The NCSC encouraged ongoing incident reporting, which helps identify trends and supports efforts to counteract cyber threats.
Jagusch said the data received from reported incidents provides insight into how and where attackers are operating.
“These reports are good indicators of where and who the criminals are targeting, and we can expect more of this level in the coming months as we enter the holiday period,” he said.
He added that smaller financial losses under $500 have increased, reflecting a shift in cybercriminals’ tactics to target individuals more frequently.
