News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. News
  3. Are you prepared for a serious cyber security incident?

Are you prepared for a serious cyber security incident?

1 December 2025

The NCSC’s Cyber Threat Report 2025, released today, analyses cyber security attacks seen in New Zealand and overseas, and highlights key factors organisations should take into consideration when setting their cyber security programme.

“Many New Zealand businesses and organisations make the mistake of assuming they are not big enough, not wealthy enough or not critical enough to be a target,” NCSC’s Chief Operating Officer, Michael Jagusch says.

“In the changing geostrategic environment there are a range of reasons – from financial motivation to espionage and hacktivism – why an organisation in New Zealand may be targeted.”

The report presents five key ‘judgements’ of the cyber threats facing New Zealand organisations.

The five judgements are:

  1. State-sponsored actors are actively targeting New Zealand
  2. The commercialisation of cybercrime means cybercriminals have more tools
  3. Hacktivists are targeting New Zealand organisations as global conflicts escalate
  4. Threat actors are exploiting supply chains, hidden dependencies and organisational blind spots to cause impact
  5. Known weaknesses and unpatched vulnerabilities are providing threat actors with easy access.

Mr Jagusch says the judgements are based on the NCSC’s work both domestically and internationally, particularly the trends in the more severe incidents responded to this year.

“These are not an exhaustive list, but they are the most prominent, noteworthy and recurrent issues we have seen in the 2024/2025 reporting year.”

Each judgement provides considerations to help inform organisations’ cyber security decisions.

“The report is designed to equip decision makers with the context and questions to ask, so they can ensure their organisation is thinking about how these risks may affect them.”

Mr Jagusch says that while the overall number of incidents recorded by the NCSC is down from previous years, over time, the number of incidents of potential national significance handled by the NCSC has remained largely stable.

Read the full Cyber Threat Report 2025

Download the Cyber Threat Report 2025 [PDF, 1.9 MB]

By the numbers

The statistics used throughout the report are drawn from incidents recorded by the NCSC between 1 July 2024 and 30 June 2025.

The NCSC recorded 5995 incidents, with 4343 reports from individuals and 1321 from organisations. The remainder were unspecified.

331 reported incidents were identified as incidents of potential national significance. These are incidents that could cause high impact at the national level. These are incidents that have the potential to impact large groups of New Zealanders.

Of those incidents, 82 could be linked to suspected state-sponsored actors (compared to 110 in 2023/24 year). Another 137 were likely criminal or financially motivated (compared to 65 in 2023/24).

[ENDS]

Note to editors

Media contact: media@ncsc.govt.nz

NCSC Director Mission Enablement, Mike Jagusch, is available for interviews.