News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Insights
  3. Quarterly Cyber Security Insights
  4. Quarter Four Cyber Security Insights 2025
  5. Data landscape: A closer look at our numbers

Data landscape: A closer look at our numbers

This section provides a standardised set of results, graphs, and an analysis of the latest trends. Analytical comment is provided where meaningful or interesting trends were identified.

If you would like different cuts of the data, please email us

Incidents and referrals

Between 1 October and 31 December 2025, a total of 1,131 incidents occurred, of which 1,041 were handled through the NCSC's general triage process.

Of the total incidents:             

  •  644 were responded to directly by NCSC
  • 386 were referred to New Zealand Police
  • 54 were referred to the Department of Internal Affairs (DIA)
  • 52 were referred to the New Zealand Telecommunications Forum (TCF)
  • 7 were referred to the Commerce Commission
  • 1 was referred to the Office of the Privacy Commissioner (OPC)
  • 1 was referred to Netsafe.

The NCSC may refer a single incident to multiple agencies. As such, the above referral numbers may not sum to the total incident count. 

Number of incidents reported by quarter

incidents-per-quarter-total

Breakdown by incident category

This section includes only the 1,041 reports managed through the NCSC’s general triage process.

Scams and fraud continued to be the most common incident category since Q4 2024 and has decreased slightly from 446 in Q3 to 432 in Q4.

Phishing and credential harvesting decreased by 20% from 355 in Q3 to 283 in Q4.

Incidents relating to unauthorised access decreased this quarter by 18% from 215 in Q3 to 177 to Q4. 

Read the incident categories we use

category-breakdown

Incidents affecting individuals

Out of the total of 1,041 reports managed through the NCSC's general triage process in Q4 2025, 872 (84%) were reported as affecting individuals.  

The largest category affecting individuals this quarter is scams and fraud, which accounts for 46% of reports impacting individuals.  

Incidents relating to unauthorised access impacting individuals decreased this quarter with a 20% decrease from 171 in Q3 to 137 in Q4.  

individual-by-category

Incidents affecting organisations

Out of the total of 1,041 general triage incidents handled by the NCSC in Q4 2025, 117 incidents (11%) affected organisations.

Phishing and credential harvesting continues to be the largest category of incidents reported to us by organisations, accounting for 34% of incidents affecting organisations processed through our general triage during Q4.  

orgs-by-category

Demographics: Reporting by sector

Of all incident reports that provided sector information, Public Administration and Safety is the most reported sector this quarter, amounting to 15% of reports providing sector information.

incidents-by-sector-total

Demographics: Reporting by age

Of the 872 incidents affecting individuals, 702 (81%) provided their date of birth.

The most common age band was reporters aged 35 to 44, accounting for 24% of reports where a date of birth was provided, however the losses incurred by this age group were not the highest. 

Reporters in the 55–64-year-old age bracket incurred the highest losses, of those age groups providing data, with a total of $890,000.

Breakdown by age

incidents-by-age

Financial loss by age

financial-loss-by-age

Impact: Direct financial loss

There were 321 incidents reported to the NCSC during Q4 2025 that reported a direct financial loss, and 308 reports that specified the loss amount.

Direct financial losses totalled $3.2 million in Q4 2025, decreasing by 75% compared to last quarter.   

Scams and fraud were responsible for reported direct financial loss of $2.6 million, while unauthorised access had a loss of approximately $440,000.

direct-financial-loss

Direct financial loss breakdown

The most common loss value reported sat between $100 to $499 with 119 incidents in this band. Incidents $10,000 and over made up $2.9 million (93%) of reported loss despite consisting of only 39 incidents.

loss-by-count

Impact: Types of loss

As well as financial loss, the NCSC responded to incidents where other types of loss occurred. 

Financial loss: 321 incidents

This includes not only money lost as a direct result of the incident, but also the cost of recovery - for example the cost of contracting IT security services or investing in new security systems following an incident. (Q3 2025: 377). 

Reputational loss: <10 incidents

Damage to the reputation of an individual or organisation as a result of the incident (Q3 2025: 24). 

Data loss: 64 incidents

Loss or unauthorised copying of data, business records, personal records and intellectual property (Q3 2025: 55). 

Technical damage: <10 incidents

Impacts on services like email, phone systems or websites, resulting in disruption to a business or organisation (Q3 2025: <10). 

Operational impacts: <10 incidents

The time, staff and resources spent on recovering from an incident, taking people away from normal business operations (Q3 2025: 10). 

Other: 20 incidents

Includes types of loss not covered in the other categories (Q3 2025: 16). 

Previous section Chasing shadows: managing unsanctioned IT Next section Quarter One Cyber Security Insights 2024
SEE ALL QUARTERLY REPORTS
Top