Five judgements
In this document we set out five judgements for 2025 regarding cyber security. Each judgement explores a key aspect of the current threat landscape that we think is most relevant for decision-makers.
The judgements are:
About our judgements
Our judgements are based on our work both domestically and internationally. This is not an exhaustive list, but they include some of the most prominent, noteworthy and recurrent issues that we observe.
These judgements also reflect the trends in the more severe incidents the NCSC responded to this year. Of the 5995 reports received by the NCSC during the 2024/25 financial year, 331 incidents were triaged as incidents of potential national significance, meaning they received additional analysis and support.
The statistics and case studies used throughout the report are primarily based on our work between 1 July 2024 and 30 June 2025. We recognise that we do not have perfect understanding of the New Zealand cyber security environment, so these should be regarded as illustrative rather than a complete overview.
This report will give you a picture of how the cyber security environment is evolving and how these changes should be factored into your risk assessments and strategic thinking.
We hope this information will help you consider how well your organisation is prepared for the current cyber threat landscape, and will help to inform the cyber security investment and resourcing decisions you make in your organisation. This information should be considered alongside other sources of information that inform your cyber security decisions.
Resources
Download Cyber Threat Report 2025 [PDF, 1.9 MB]
Key cyber security terms and their definitions can be found in our glossary: