eCommerceNews New Zealand - Technology news for digital commerce decision-makers
New Zealand
Guides
#
commerce systems
#
customer data platforms
#
data analytics
#
digital signage
#
payment technologies
Search
Story image
#
Phishing
#
Advanced Persistent Threat Protection
#
Email Security

NZ cyber incidents cause NZD $7.8 million loss in early 2025

Yesterday
Author image
By Sean Mitchell, Publisher

The National Cyber Security Centre's latest report shows a significant rise in financial losses due to cyber incidents reported in New Zealand during the first quarter of 2025.

From 1 January to 31 March 2025, the NCSC recorded a total of 1,369 reported cyber incidents. Of these, 77 required specialist technical support having been assessed as potentially significant for national security, while the remaining 1,292 were managed via general triage.

Financial losses attributed to these incidents totalled NZD $7.8 million. This marks a 14.7% increase compared to the previous quarter's figure of NZD $6.8 million, and it represents the second-highest quarterly loss ever recorded by the NCSC. The highest was recorded in the third quarter of 2022, when losses reached NZD $8.9 million.

Tom Roberts, Response and Investigations Team Lead at the NCSC, noted the seriousness of the increase in losses.

"This is the second-highest quarterly total loss figure the NCSC has ever recorded. Many of these losses again came from scams and fraud, particularly through business email compromise – where an attacker targets the email systems of a business to obtain money or information – and unauthorised money transfers. This is consistent with what we saw in the previous quarter."

Roberts further commented on the likelihood that losses are being underreported.

"The true scale of losses is likely to be much greater, since we know only a small proportion of losses are reported to us. We urge people to be cautious online because bad actors are always waiting for an opportunity to steal money or information."

Of note, over half of all reported losses affected businesses rather than individuals. Law firms and real estate agencies were highlighted as sectors frequently targeted by cyber criminals looking to exploit large financial transactions.

"We have seen that cyber criminals are often targeting organisations that manage large financial transactions, like law firms and real estate agencies," said Mr. Roberts.

Incident and threat landscape

The total number of incidents reported in the first quarter rose by 0.8% compared to the previous quarter. In total, 486 incidents were categorised under scams and fraud, making this the most frequently reported kind of cyber crime. Phishing and credential harvesting was the second most reported category, with 440 incidents.

The scale of individual losses also drew attention. Ten separate incidents involved losses exceeding NZD $100,000 each, highlighting the scale at which some attacks are being perpetrated.

Roberts encouraged both organisations and individuals to make use of the NCSC's resources by reporting cyber incidents.

"We encourage individuals and businesses to report incidents to us. Our staff have deep expertise in analysing cyber threats, and we can help people respond to and recover from incidents. The reports we receive also help us to gain a better picture of the current threat environment. This information shows us where we can best focus our efforts to protect New Zealanders online."

Reporting and response

The NCSC's triage process sees reports from the public, businesses, and other organisations. The majority of incidents are handled through this initial process, although those that meet certain criteria for complexity or potential impact receive specialist attention from within the agency.

Business email compromise, unauthorised money transfers, and mass-market fraud continue to be the main vectors for financial loss, illustrating a consistent pattern in cyber criminal tactics in New Zealand.

The NCSC has stated that incident reporting not only supports victims but also contributes to a wider understanding of threats and trends. This, in turn, assists the agency in focusing protective measures where they are most needed.

The report indicates ongoing risks for both individuals and businesses from cyber crime, particularly for those organisations managing significant transactions or sensitive information.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Amplitude unveils AI Agents to automate digital product growth
Evergreen acquires REDD, celebrates $1 billion revenue milestone
Ivo launches AI tools to transform contract analysis & insight
Transport sector faces rising cyber risks amid AI boom
AI boosts business in ANZ, but staff anxiety & skill gaps grow
Top stories
Multiplier unveils COR for global contractor compliance
GreyOrange partners with LogiQ-On to launch gStore in ANZ markets
Liftoff unveils AppRefinery for app insights & market trends
Zespri launches Jam-Packed campaign to highlight kiwifruit nutrition
Freshworks launches Freddy AI Agent Studio for autonomous support