NZ Cyber Threat

The National Cyber Security Centre (NCSC) has been publishing reports of cyber security incidents since 2011.

Since that time the number of serious cyber incidents recorded by the Centre has increased steadily.

The increase is likely to be a combination of increased awareness of the importance of reporting cyber incidents and the role and functions of the NCSC. Incidents meet criteria, which we regularly review, to differentiate them from other common on-line events before they are recorded in our statistics.

Recorded incidents range in seriousness from the targeting of small businesses with “ransom ware” and attempts to obtain credit card information through to serious and persistent attempts to compromise the information systems of significant New Zealand organisations.  This can include identification and exfiltration of valuable intellectual property.

Some of these threats come from well-resourced foreign sources. Sometimes they are targeting significant New Zealand organisations, others use New Zealand systems to target overseas networks.

Examples of the threats identified through GCSB’s cyber security capabilities include;

■  The targeting of several officials from a key government agency through email and web site exploits in an effort to get personal information and potentially compromise the agency’s network.  This attack was detected and mitigated before important information could be lost/compromised

■  The use of a malware package, to target six significant New Zealand organisations.   The threat was detected and mitigated through systems and support provided via our CORTEX capabilities.

■  Identifying and tracing the source of a new cyber-attack method.  The attack targeting several CORTEX customers.  The “fingerprints” of this new threat were able to be passed on to our international partners, helping to reduce global vulnerability to this particular attack.

■  Detecting large-scale targeting of a nationally significant organisation as part of a global campaign.  The NCSC was able to work closely with the New Zealand organisation to contain the threat.

Part of our response to the more sophisticated and advanced types of these threats is the CORTEX initiative.

Report an Incident

If your organisation has encountered or suspects a cyber-security incident, please complete and return the Cyber Security Incident - Report Form. If you require assistance in dealing with the incident, please complete the Cyber Security Incident – Request for Assistance Form.

If required, you can speak with us directly on (04) 498-7654.

If you would like to report an incident related to your home computer, please refer to resources page for guidance.

NCSC understands that incident reports may contain commercially or otherwise sensitive information. Information in incident reports to NCSC may, however, form part of NCSC's reporting to other entities on cyber threats. This reporting is an important part of NCSC's information assurance and cyber security function. Subject to the point below, NCSC reporting to other entities would not include personal information about identifiable individuals.

All information in incident reports to NCSC may also be shared with the Minister responsible for GCSB, the Minister for National Security and Intelligence, and the Inspector-General of Intelligence and Security.


The NCSC uses the Traffic Light Protocol (TLP) to determine the sensitivity and handling instructions for incident-related and other information with which it is entrusted. Details of the TLP can be found here: Traffic Light Protocol (PDF, 354 KB)