News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Insights
  3. Quarterly Cyber Security Insights
  4. Quarter Three Cyber Security Insights 2025
  5. Data Landscape: A closer look at our numbers

Data Landscape: A closer look at our numbers

This section provides a standardised set of results, graphs, and an analysis of the latest trends. Analytical comment is provided where meaningful or interesting trends were identified.

If you would like different cuts of the data, please email us

Incidents and referrals

Between 1 July and 30 September 2025, a total of 1,249 incidents occurred, of which 1,139 were handled through the NCSC's general triage process.

Of the total incidents:

  • 682 were responded to directly by NCSC 
  • 462 were referred to New Zealand Police 
  • 65 were referred to the Department of Internal Affairs (DIA) 
  • 42 were referred to the New Zealand Telecommunications Forum (TCF) 
  • 8 were referred to the Commerce Commission 
  • 5 were referred to Consumer Protection NZ 
  • 3 were referred to the Domain Name Commission (DNC)
  • 2 were referred to the Office of the Privacy Commissioner (OPC) 
  • 1 were referred to Netsafe 
  • 1 were referred to the Financial Markets Authority (FMA)

The NCSC may refer a single incident to multiple agencies. As such, the above referral numbers may not sum to the total incident count. 

Number of incidents reported by quarter

FrontPage IncidentsPerQ Total

Breakdown by incident category

This section includes only the 1,139 reports managed through the NCSC’s general triage process.

Scams and fraud continued to be the most common incident category since Q4 2024 and has decreased slightly from 514 in Q2 this year, to 446 in Q3.

Phishing and credential harvesting decreased by 5% from Q2 to Q3.

Incidents relating to malware increased again this quarter by 36% from 22 in Q2, to 30 to Q3.

Read the incident categories we use

FrontPage EventSubCategory

Incidents affecting individuals

Out of the total of 1,249 incidents in Q3 2025, 964 (77%) were reported as affecting individuals.  

The largest category affecting individuals this quarter is scams and fraud, which accounts for 42% of reports impacting individuals.  

Incidents relating to malware impacting individuals continues to increase for another quarter with a 65% increase from 17 in Q2 to 28 in Q3.  

IndividualByCategory

Incidents affecting organisations

Out of the total of 1,249 incidents handled by the NCSC in Q3 2025, 177 incidents (14%) affected organisations.

Phishing and credential harvesting continues to be the largest category of incidents reported to us by organisations, accounting for 32% of incidents affecting organisations during Q3.  

OrganisationsByCategorynew

Demographics: Reporting by sector

Of all incident reports that provided sector information, Public Administration and Safety is the most reported sector this quarter, amounting to 19% of reports providing sector information.

IncidentsBySectorTotal

Demographics: Reporting by age

Of the 964 incidents affecting individuals, 785 (81%) provided their date of birth. 

Reporters aged 35 to 44 was the most common age band, accounting for 23% of reports where a date of birth was provided, but 45% of reported loss for such incidents.

Meanwhile, reporters aged 55 and over accounted for $2.1M in direct financial loss this quarter.

Breakdown by age

IncidentsByAgeBand

Financial loss by age

DirectFinancialLossByAgeBand

Impact: Direct financial loss

There were 377 incidents reported to the NCSC during Q3 2025 that reported a direct financial loss, and 362 reports that specified the loss amount.

Direct financial losses totalled $12.4 million in Q3 2025, increasing by 118% compared to last quarter.

DirectFinancialLossPerQuarter

Direct financial loss breakdown

The most common loss value reported sat between $100 to $499 with 137 incidents in this band. Incidents $10,000 and over made up $12.1M (97%) of reported loss despite consisting of only 56 incidents.

LossBandByCount

Impact: Types of loss

As well as financial loss, the NCSC responded to incidents where other types of loss occurred. 

Financial loss: 377 incidents

This includes not only money lost as a direct result of the incident, but also the cost of recovery - for example the cost of contracting IT security services or investing in new security systems following an incident. (Q2 2025: 420).

Reputational loss: 24 incidents

Damage to the reputation of an individual or organisation as a result of the incident (Q2 2025: 22)

Data loss: 55 incidents

Loss or unauthorised copying of data, busines­s records, personal records and intellectual property (Q2 2025: 76).

Technical damage: <10 incidents

Impacts on services like email, phone systems or websites, resulting in disruption to a business or organisation (Q2 2025: 10).

Operational impacts: 10 incidents

The time, staff and resources spent on recovering from an incident, taking people away from normal business operations (Q3 2025: 16).

Other: 16 incidents

Includes types of loss not covered in the other categories (Q2 2025: 38).

Previous section Résumé for disaster: Employment scams and fake jobs Next section Quarter One Cyber Security Insights 2024
SEE ALL QUARTERLY REPORTS
Top