Incidents and referrals
Between 1 January and 31 March 2026, a total of 1,164 incidents occurred, of which 1,087 reports did not require specialist technical support.
Of the total incidents:
- 639 were responded to directly by NCSC
- 339 were referred to New Zealand Police
- 113 were referred to the New Zealand Telecommunications Forum (TCF)
- 81 were referred to the Department of Internal Affairs (DIA)
- 12 were referred to the Commerce Commission
- 3 were referred to Consumer Protection
- 1 was referred to the Domain Name Commission (DNC)
The NCSC may refer a single incident to multiple agencies. As such, the above referral numbers may not sum to the total incident count.
Number of incidents reported by quarter
Breakdown by incident category
This section includes only the 1,087 reports that did not require specialist technical support.
Phishing and credential harvesting became the most common incident category in Q1, increasing by 54% from 283 in Q4 to 437 in Q1.
Scams and fraud was the second most common incident category in Q1 2025 and has decreased by 21% from 432 in Q4 to 340 in Q1.
Incidents relating to unauthorised access increased this quarter by 24%, from 177 in Q4 to 220 in Q1.
Scams and fraud were responsible for reported direct financial loss of $3.8M, while unauthorised access had a loss of approximately $1.6M.
We define all the incident categories in the appendix of this report: more about the incident categories we use.
Incidents affecting individuals
Out of the total of the 1,087 reports that did not require specialist technical support in Q1 2026, 917 (84%) were reported as affecting individuals.
The largest category affecting individuals this quarter is phishing and credential harvesting, which accounts for 39% of reports impacting individuals.
Incidents relating to scams and fraud for individuals decreased by 19% from 404 in Q4 to 326 but accounted for $3.8M of the reported loss this quarter.
Incidents affecting organisations
Out of the total of the 1,087 reports that did not require specialist technical support in Q1 2026, 118 incidents (11%) affected organisations.
Phishing and credential harvesting continues to be the largest category of incidents reported to us by organisations, accounting for 47% of incidents affecting organisations processed through our triage during Q1.
Demographics: Reporting by sector
Of all incident reports that provided sector information, Professional, Scientific, Technical, Administrative and Support Services is the most commonly reported sector this quarter.
Demographics: Reporting by age
Of the 917 incidents affecting individuals, 729 (79%) provided their date of birth.
The most common age band was reporters aged 35 to 44, accounting for 22% of reports where a date of birth was provided. The losses incurred by this age group were also the highest, with $2.9M in reported loss.
Reporters in the 65 and over age bracket incurred the second highest losses, of those age groups providing data, with a total of $1.2M.
Breakdown by age
Financial loss by age
Impact: Direct Financial Loss
There were 283 incidents reported to the NCSC during Q1 2026 that reported a direct financial loss, and 273 reports that specified the loss amount.
Direct financial losses totalled $5.6 million in Q1 2026, increasing by 76% compared to last quarter.
Direct financial loss breakdown
The most common loss value reported sat between $100 and $499, with 112 incidents in this band. Incidents of $10,000 and over made up $5.4M (97%) of reported loss despite consisting of only 42 incidents.
Impact: Types of loss
As well as financial loss, the NCSC responded to incidents where other types of loss occurred.
Financial loss: 283 incidents
This includes not only money lost as a direct result of the incident, but also the cost of recovery - for example the cost of contracting IT security services or investing in new security systems following an incident (Q4 2025: 321).
Reputational loss: 16 incidents
Damage to the reputation of an individual or organisation as a result of the incident (Q4 2025: <10).
Data loss: 56 incidents
Loss or unauthorised copying of data, business records, personal records and intellectual property (Q4 2025: 64).
Technical damage: <10 incidents
Impacts on services like email, phone systems or websites, resulting in disruption to a business or organisation (Q4 2025: <10).
Operational impacts: <10 incidents
The time, staff and resources spent on recovering from an incident, taking people away from normal business operations (Q4 2025: <10).
Other: 15 incidents
Includes types of loss not covered in the other categories (Q4 2025: 20).