Cyber Threat Report 2023/24 released

Complex threat environment reflected in NCSC report

The Government Communications Security Bureau’s (GCSB) Deputy Director-General Cyber Security, Lisa Fong, has today released a report [PDF, 1.5 MB] that shows New Zealand is facing increasingly complex cyber security threats from both criminals and other countries.

“The National Cyber Security Centre's (NCSC) annual Cyber Threat Report shows our cyber threat landscape is constantly changing, with malicious cyber activity likely to continue to impact a larger range of systems and victims as our technology use increases," Ms Fong says.

The NCSC, which is part of the GCSB, recorded 7122 cyber security incidents in the year to 30 June 2024 - its first year as New Zealand's lead operational cyber security agency.

"This is the first reporting year since CERT NZ was transferred to the NCSC, enabling an overview of cyber threats to be presented in a single report,” Ms Fong says.

"While the report draws from separate data sets, we can begin to see the extent of malicious cyber activity. Of the 7122 incidents, 6779 were handled through the NCSC's general triage process, often affecting individuals or small to medium businesses, resulting in $21.6 million of reported losses.

“The other 343 incidents were triaged for more specialist technical support because of their potential national significance. These are incidents that affect the systems and data of organisations in key sectors or where NCSC's understanding of the malicious actor responsible for the incident means there is additional risk."

Of these 343 incidents (up from 316 in 2022/23), 110 could be linked to state-sponsored actors and 65 were likely caused by criminal or financially motivated actors – which was consistent with the past few years.

"I encourage everyone to familiarise themselves with the cyber landscape, develop a better understanding of the techniques and tactics used by malicious cyber actors, and take the steps recommended in this report to mitigate them."