News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. News
  3. NCSC report for Quarter 3 2025 shows large increase in reported financial losses

NCSC report for Quarter 3 2025 shows large increase in reported financial losses

The National Cyber Security Centre’s (NCSC) Cyber Security Insights report for Quarter 3 2025, shows that a total of 1,249 incident reports were received in the period from 1 July to 30 September 2025.

17 December 2025

Direct financial losses of NZ$12.4 million were reported to the NCSC in Q3, a 118% increase compared to the $5.7 million reported last quarter. This increase was caused by a small number of high-value loss reports involving the unauthorised or falsified transfer of money.  

“This quarter, we have received a number of reports of significant financial losses resulting from business email compromises. This is where a bad actor gains access to email accounts and then sends fake invoices or changes payment details to redirect payments to their bank account”, said the NCSC’s Chief Operating Officer, Mike Jagusch.

110 incidents were triaged for specialist technical support because they were of potential national significance. This was a 96% increase from the 56 such incidents in Q2 2025.

“A rise in unauthorised access to email accounts was one of the main drivers of this increase in potentially nationally significant incidents,” said Mr. Jagusch. “Another reason was a general uptick in other malicious activity that we linked to cyber criminals and financially motivated actors.”

Also on the rise this quarter were incident reports relating to malicious software, commonly known as malware. The first feature article for this quarter details recent developments in malware, and what New Zealanders can do to protect against it.  

“The cyber threat landscape is evolving quickly,” said Mike Jagusch. “Malware is becoming much more sophisticated. For example, bad actors now offer malware-as-service platforms that give criminals who lack advanced technical skills the ability to deploy malicious software.”

Scams and fraud continued to be the most reported incident category, as it has been since Q4 2024.

This quarter, the NCSC also observed a 50% increase in scams involving employment and business opportunities. The second feature article for this edition details some common employment and jobs scams reported to the NCSC, and the warning signs to watch out for.

Read the Quarter Three Cyber Security Insights 2025 report
 
ENDS

Key data highlights

  • 1,249 total incident reports were recorded by the NCSC. Of these, 110 were triaged for specialist technical support because they were of potential national significance.
  • The remaining 1,139 were handled through the NCSC’s general triage process. These incidents were largely reported to the NCSC by individuals and businesses.  
  • Direct financial loss recorded was $12.4 million. This is a 118% increase compared to the previous quarter’s $5.7 million.
  • With 446 total reports, Scams and Fraud continued to be the most reported incident category. The second-highest number by category was Phishing and Credential Harvesting, with 355 total incident reports.  

Notes:
Media contact: media@ncsc.govt.nz

The NCSC’s Chief Operating Officer, Mike Jagusch, is available for interviews.