News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. News
  3. Quarter One sees significant cyber incidents

Quarter One sees significant cyber incidents

The NCSC Cyber Security Insights report for the period 1 January 2026 – 31 March 2026

22 June 2026

In Q1 the NCSC responded to three C2 category or ‘highly significant’ incidents, the first type of these incidents since the 2021/22 financial year. C2 category incidents impact key sensitive data or cause disruption to essential New Zealand services in organisations of national significance.

These types of incidents typically have the potential to impact a wide range of people and organisations and often involve highly sensitive information.

In this report the NCSC outlines lessons that other organisations can learn about ensuring sensitive data is protected.

“Ensuring basic cyber security measures such as multi-factor authentication, managing who has full access to the network, and protection of the network edges were in place could have helped to defend against these incidents” said NCSC Chief Operating Officer, Mike Jagusch. 

“Organisations have an obligation to protect their customers’ and their sensitive personal information by securing their networks with NCSC’s recommended, or similar, minimum-security standards”.

Overall, the NCSC responded to 1,164 incidents throughout the first quarter of 2026. This is a very slight increase from the previous quarter, with phishing and credential harvesting being the most common type of incident reported.

Direct financial loss in Q1 totalled $5.6 million, a significant increase of 76% from the previous quarter, with individual New Zealanders accounting for $5.2 million of that loss. Despite increasing, this figure is below the average loss over the last two years.

The report also offers insight into the implications of Frontier AI and how these models can be used both for and against cyber incident prevention.

“Frontier AI models will change the cyber threat landscape for organisations because of the ability for malicious actors to find and exploit vulnerabilities at unprecedented speed and scale,” said Mike Jagusch, “but they also have the potential to be used to assist defence and protect systems at a similar scale and pace. For now, the best way to prepare is getting the basic security measures in place.” 

The NCSC has recently published new guidance for cyber defenders and for business leaders to help them understand the risk of Frontier AI products.

Read the The NCSC Cyber Security Insights Report for Q1 2026

Key data highlights – Q1 2026

  • The NCSC responded to 77 incidents that required specialist technical support. This is a 14% decrease from the 90 in Q4 2025.
  • Three of these were categorised as C2 or ‘highly significant’.  These are the first C2 incidents recorded by NCSC since the 2021/2022 financial year.
  • 1,087 incidents were reported that did not require specialist technical support in Q1, up 4% from Q4 2025.
  • Phishing and Credential Harvesting was the most common type this quarter with 437 incidents.
  • $5.6 million in direct financial loss was reported in Q1 2026, a 76% increase from the previous quarter’s $3.2 million.
  • Incidents $10,000 and over made up $5.4M (97%) of reported loss despite consisting of only 42 incidents.