The National Cyber Security Centre (NCSC) has released its latest Cyber Security Insights report for Q1 2025, revealing a troubling 14.7% increase in financial losses reported by New Zealanders due to cybercrime.
From January 1 to March 31 this year, New Zealand’s NCSC recorded 1,369 cyber security incidents. Of these, 77 were considered to potentially warrant specialist technical support, a slight decrease from the 100 such incidents in the final quarter of 2024. The remaining 1,292 incidents were handled through the NCSC’s general triage process, marking a 2.7% increase compared to the 1,258 reports in Q4 2024.
Financial losses reported to the NCSC reached NZ$7.8 million in Q1 2025, up from $6.8 million in the previous quarter.
This figure represents the second-highest quarterly loss ever recorded by the NCSC, only surpassed by the $8.9 million loss documented in Q3 2022.
Notably, the majority of these losses, approximately $6.5 million, stemmed from scams and fraud, including business email compromise (BEC) and unauthorized money transfers.
BEC, a cyberattack where cybercriminals infiltrate business email systems to redirect payments or steal sensitive information, remains a key driver behind many of the reported financial damages.
Tom Roberts, the NCSC’s Response and Investigations Team Lead, commented on the findings: “Many of these losses again came from scams and fraud, particularly through business email compromise and unauthorized money transfers. This pattern aligns closely with what we observed in the previous quarter.” He further emphasized that over half of the reported financial losses targeted businesses, with organizations handling financial transactions, such as law firms and real estate agencies, being frequent targets.
Roberts also cautioned that “the true scale of losses is likely to be much greater,” since only a fraction of incidents are reported to the NCSC. He urged individuals and businesses alike to remain vigilant online, stating, “Bad actors are always waiting for an opportunity to steal money or information.” The NCSC encourages all affected parties to report incidents promptly, noting that their expertise helps victims respond and recover, while also enhancing the centre’s overall understanding of the threat environment.
The Q1 2025 Cyber Security Insights report highlights the nature and scope of cyber threats faced by New Zealanders. Scams and fraud remained the most frequently reported category, with 486 incidents, a slight 4% decrease from the previous quarter. Meanwhile, phishing and credential harvesting incidents saw a 15% jump, rising to 440 cases. Other incident types included unauthorized access (228 incidents, up 11%), website compromise, malware, ransomware, and denial of service attacks, though many of these saw decreases from Q4 2024.
The report notes that 28% of incidents handled through the general triage process involved financial loss, reflecting the ongoing costliness of cybercrime in the country. Large losses remain a concern: ten incidents in Q1 resulted in losses exceeding NZ$100,000, and a striking 95% of reported losses came from amounts over NZ$10,000, continuing a trend from previous quarters.
Of the 77 incidents triaged for specialist technical support, most fell into routine or moderate severity categories. Specifically, 56% were routine (C5 routine incidents), 26% moderate (C4 moderate incidents), and 16% minor (C6 minor incidents), with only two classified as significant (C3 significant incidents). No national cyber emergencies were reported this quarter.
The NCSC also assessed suspected actors behind these attacks. Approximately 25% of the incidents were linked to likely state-sponsored groups, while 37.5% were attributed to cybercriminal organizations. The remaining 37.5% could not be confidently assigned to a known malicious actor.
The NCSC applies the MITRE ATT&CK framework to better understand attacker methods. In Q1 2025, reconnaissance activity—mostly involving credential harvesting—was the most commonly observed tactic. Other frequently detected tactics included impact, credential access, initial access, resource development, and data exfiltration.
The NCSC’s Phishing Disruption Service published 265 verified phishing indicators in Q1 2025, while Malware Free Networks disrupted over 150 million threats. The Cyber Security Insights report for Q1 2025 shows increased financial losses and cyber risks. Continued incident reporting and cooperation between the NCSC, businesses, and individuals remain essential to managing these threats.