Cyber Threat Report for 2021/2022 released

NCSC report reflects geostrategic competition and implementation of new capabilities

The impact of global geostrategic competition and the implementation of new cyber defence capabilities are reflected in the latest annual Cyber Threat Report from the Government Communications Security Bureau’s (GCSB) National Cyber Security Centre (NCSC).

Lisa Fong, NCSC Deputy Director-General, says the 12 months to 30 June 2022 saw the centre achieve a significant milestone with the launch of its Malware Free Networks (MFN) capability, and increase its focus on addressing strategic cyber security risk.

“By the end of June, MFN had disrupted more than 122,000 events which could have harmed New Zealand organisations. That number has now increased to more than 200,000 as more partners have been able to deploy MFN to their customers.”

Last month, MFN was awarded “best security product or service” at the cyber security industry’s annual iSANZ Awards.

“We are really proud of what we have been able to achieve in using MFN to scale our cyber defence impact,” Ms Fong says.

“We recognised the key to that was working in partnership with the private sector, providing them with high-quality cyber threat information which they can readily use to help protect their customers, in tandem with other commercial products.

“Through our MFN partners we are able to take cyber threat information from a range of sources, including the operation of our own capabilities, and from our international partners, and use it to help defend New Zealand organisations.

“When we launched MFN in November last year, we knew this would be a real step change for New Zealand’s cyber security posture, and our ability to have impact at scale and speed would grow enormously,” Ms Fong says.

The NCSC recorded 350 incidents affecting nationally significant organisations in the year to 30 June 2022, compared to 404 in the previous year.

Ms Fong says the number of incidents recorded by the NCSC reflects only those cyber security events which have a level of significance and complexity to potentially cause national-level harm. 

“We know that Russian and other Eastern European actors feature significantly in the global cyber threat landscape. It is likely that the Russian invasion of Ukraine has meant both state and criminal actors from the region, and other significant global threat actors, are more focused elsewhere than on activities that have previously impacted New Zealand. 

“In the lead-up to the Russian invasion of Ukraine, the NCSC stood up a dedicated effort to support the resilience of New Zealand organisations. This included working with international partners to understand the types of cyber threats which might occur as a result of the conflict, and providing alerts to our customers.”

State-sponsored cyber actors continue to feature significantly in recorded incidents, Ms Fong says, with the proportion of incidents that can be linked to state actors increasing slightly, at 118, or 34 percent, up from 28 percent last year.

The proportion of incidents which could be linked to likely criminal or financially motivated actors was down slightly at 81, or 23 percent of the total, compared to 27 percent last year.

Ms Fong says the NCSC’s cyber defence capabilities continue to help reduce the harm to New Zealand organisations from malicious cyber activity.

“We calculate that our cyber defences helped reduce more than $33 million worth of harm in the financial year, bringing the total harm reduced since 2016 to $317 million.”

Ms Fong says this calculation does not take into account the impact of the NCSC’s MFN capability.


About the NCSC

The National Cyber Security Centre (NCSC) is a part of the Government Communications Security Bureau (GCSB).  The NCSC deters, detects, disrupts, and provides advice about the types of malicious cyber activity that could affect Aotearoa New Zealand’s wellbeing or prosperity.

The NCSC operates the GCSB’s cyber defence capabilities and leads cyber security engagement with New Zealand’s organisations of national significance to protect their information systems from high-impact and advanced cyber-borne threats. The NCSC is the lead organisation for responding to cyber threats that could have an impact on national security and wellbeing.

The NCSC also provides cyber security resilience assessment and advice, and advice on addressing new cyber security vulnerabilities when they are identified.

The NCSC also works with CERT NZ(external link) which provides general support to businesses, organisations and individuals affected by cyber security incidents

Every day, we work to protect Aotearoa New Zealand’s nationally significant organisations.

Media contact: