Data Landscape: A closer look at our numbers

Incidents and referrals

Between 1 April and 30 June 2025, a total of 1,315 incidents occurred, of which 56 were triaged for specialist technical support.

Of the total incidents:

648 were responded to directly by NCSC
491 were referred to New Zealand Police
59 were referred to the New Zealand Telecommunications Forum (TCF)
53 were referred to the Department of Internal Affairs (DIA)
23 were referred to the Commerce Commission
18 were referred to Consumer Protection NZ
5 were referred to the Office of the Privacy Commissioner (OPC)
3 were referred to the Financial Markets Authority (FMA)
3 were referred to the Domain Name Commission (DNC)

The NCSC may refer a single incident to multiple agencies. As such, the above referral numbers may not sum to the total incident count.

Number of incidents reported by quarter

Year	Quarter	Incidents
2025	2	1,315
2025	1	1,369
2024	4	1,456
2024	3	1,855
2024	2	1,311
2024	1	1,627
2023	4	1,970
2023	3	2,204

Breakdown by incident category

This section includes only the 1,259 reports managed through the NCSC’s general triage process.

Read the incident categories we use

Scams and fraud continued to be the most common incident category since Q4 2024 and has increased slightly from 486 in Q1 to 514 in Q2.

Phishing and credential harvesting decreased by 15% from Q1 to Q2.

Incidents relating to malware increased by 83% from 12 in Q1 to 22 to Q2.

Category	Number of incidents
Scams and fraud	514
Phishing and credential harvesting	374
Unauthorised access	240
Other	62
Website compromise	31
Malware	22
Ransomware	8
Denial of service	4
Botnet traffic	3
Suspicious network traffic	1

Breakdown of scam and fraud incidents

514 incidents reported to the NCSC in Q2 were related to scams and fraud. This incident category consistently features in the top three reported.

During Q2, NCSC received 261 reports involving buying, selling or donating goods, a 25% increase from 208 in Q1. Incidents relating to extortion decreased by 23% from 80 in Q1 to 62 in Q2.

Categories	Number of incidents
Buying, selling or donating goods	261
Extortion/blackmail scam	62
A new job or business opportunity offer	54
Unauthorised money transfer	33
Dating or romance scam	25
Investment scams	18
Asked to pay money upfront	17
Buying, selling or donating services	14
Scam phone calls	12
Cryptocurrency investment	11
Fake government services scam	7

Incidents affecting individuals

In Q2 2025, out of the total of 1,315 incidents, 1,049 (80%) were reported as affecting individuals.

The largest category affecting individuals this quarter is scams and fraud, which accounts for 45% of reports impacting individuals.

Incidents relating to malware impacting individuals more than doubled (113%) since last quarter from 8 in Q1 to 17 in Q2.

Category	Number of incidents
Scams and fraud	468
Phishing and credential harvesting	307
Unauthorised access	203
Other	36
Malware	17
Website compromise	10
Denial of service	3
Ransomware	3
Botnet traffic	1
Suspicious network traffic	1

Incidents affecting organisations

In Q2 2025, out of the total of 1,315 incidents handled by the NCSC, 131 (10%) incidents affected organisations.

Phishing and credential harvesting continues to be the largest category of incidents reported to us by organisations, accounting for 30% of incidents affecting organisations during Q2.

Category	Number of incidents
Phishing and credential harvesting	29
Scams and fraud	25
Unauthorised access	23
Website compromise	7
Other	5
Ransomware	4
Malware	3
Botnet traffic	1
Denial of service	1

Demographics: Reporting by sector

Of all incident reports that provided sector information, Professional, Scientific and Technical is the most commonly reported sector this quarter amounting to 12%. 

Sector	Number of reports
Not specified	23
Professional, Scientific, and Technical, Administrative and Support Services	19
Health Care and Social Assistance	14
Construction	14
Transport, Postal and Warehousing	10
Information Media and Telecommunications	10
Technology	9
Retail Trade and Accommodation	9
Public Administration and Safety	9
Financial and Insurance Services	9
Electricity, Gas, Water and Waste Services	8
Arts, Recreation and Other Services	6
Manufacturing	4
Education and Training	4
Wholesale Trade	2
Rental, Hiring and Real Estate Services	2
Agriculture, Forestry and Fishing	2

Demographics: Reporting by age

Of the 1,049 incidents affecting individuals, 858 (82%) provided their date of birth. 

Reporters aged 45 to 54 accounted for 19% of all reports but 34% of reported loss.

Meanwhile, reporters aged 18 to 24 represented 9% of incidents that provided an age but a combined loss of $0.7M (16% of loss for reporters that provided an age).

Breakdown by age

Age band	Number of reports
Under 18	18
18 to 24	78
25 to 34	153
35 to 44	179
45 to 54	159
55 to 64	126
65 and over	145

Impact: Direct financial loss

There were 420 incidents reported to the NCSC during Q2 2025 that reported a direct financial loss, and 408 reports specified the loss amount.

Direct financial losses totalled $5.7 million in Q2 2025, decreasing by 27% compared to last quarter. 

Year	Quarter	Loss value
2023	3	$4.7M
2023	4	$3.6M
2024	1	$6.6M
2024	2	$6.8M
2024	3	$5.3M
2024	4	$8M
2025	1	$7.8M
2025	2	$5.7M

Direct financial loss breakdown

The most common loss value reported sat between $100 to $499. Incidents $10,000 and over made up $5.3M (94%) of reported loss despite consisting of only 50 incidents.

Financial loss	Incidents
1 to 99	118
100 to 499	134
500 to 999	22
1,000 to 9,999	84
10,000 to 99,999	42
100,000 and over	8

Financial loss by age

Age band	Financial loss
Under 18	<$10,000
18 to 24	$710,000
25 to 34	$940,000
35 to 44	$320,000
45 to 54	$1,470,000
55 to 64	$570,000
65 and over	$320,000

Impact: Types of loss

As well as financial loss, the NCSC responded to incidents where other types of loss occurred.

Financial loss: 420 incidents

This includes not only money lost as a direct result of the incident, but also the cost of recovery - for example the cost of contracting IT security services (Q1 2025: 366).

Reputational loss: 22 incidents

Damage to the reputation of an individual or organisation as a result of the incident (Q1 2025: 29)

Data loss: 76 incidents

Loss or unauthorised copying of data, business records, personal records and intellectual property (Q1 2025: 73).

Technical damage: 10 incidents

Impacts on services like email, phone systems or websites, resulting in disruption to a business or organisation (Q1 2025: <10).

Operational impacts: 16 incidents

The time, staff and resources spent on recovering from an incident, taking people away from normal business operations (Q1 2025: 19).

Other: 38 incidents

Includes types of loss not covered in the other categories (Q1 2025: 28).

About our information

Incident categories