Cyber security incidents recorded in 2022/2023
- 316 incidents affecting nationally significant organisations.
- Compared to 350 incidents recorded in 2021/2022.
- 73 of those, or 23%, indicated links to suspected state-sponsored actors.
- Compared to 34% in the 2021/2022 year.
- 90 incidents, or 28%, were likely criminal or financially motivated.
- Compared to 23% in the 2021/2022 year.
Harm prevention
- NZ$382m – Since June 2016, the NCSC has prevented an estimated $382.4 million worth of harm to Aotearoa New Zealand’s nationally significant organisations.
- NZ$65.4 million worth of harm prevented in 2022/2023.
- 250,000 – In 2022/2023, the NCSC disrupted over 250,000 malicious cyber events as part of Malware Free Networks®.
The NCSC in a typical month
- Detects 7 cyber incidents affecting one or more nationally significant organisations through the NCSC’s cyber defence capabilities.
- Receives 20 new incident reports or requests for assistance. Of the new incident reports received each month, 12 come from international and domestic partners while 8 come from victim organisations self-reporting.
The NCSC increased Aotearoa New Zealand’s collective cyber resilience
- Delivered 79 incident reports to customers.
- Published 7 advisories for customers, including 5 co-authored with domestic or international partners.
- Triaged 105 common vulnerabilities and exposures (CVEs), leading to 20 critical vulnerability alerts.
- Co-chaired 22 sector-based Security Information Exchanges.
In the 2022/23 year, the NCSC and GCSB
- Received 159 notifications of network change proposals under The Telecommunications (Interception Capability and Security) Act 2013 (TICSA).
- Conducted 20 assessments of regulated space activities under the Outer Space and High-altitude Activities Act 2017 (OSHAA), and 45 assessments of regulated radio spectrum activities Radiocommunications Act 1989.
- Conducted 42 assessments under the Overseas Investment Amendment Act 2021