Incidents decreased but average direct financial loss per incident was up
A report from the National Cyber Security Centre (NCSC) reveals that cyberattacks continue to impact New Zealand’s employment sector, ranging from individuals seeking job opportunities to small and medium-sized businesses, as outlined in its 2023/2024 Cyber Threat Report.
The report highlights a persistent landscape of evolving threats, despite a slight decrease in the overall number of incidents affecting smaller entities.
The NCSC recorded 7,122 cyber incidents in 2023/24, with 6,779 handled through its general triage process, primarily impacting individuals and small to medium businesses. While this represents a 12.5% decrease from the previous year, the financial repercussions have intensified, with the average direct financial loss per incident rising from $14,000 to $25,500.
A notable finding in the report focuses on how malicious actors exploit individuals in the realm of employment. Scams and fraud, particularly those involving job or business opportunities, contributed significantly to the reported financial losses. Of the 40 incidents where losses exceeded $100,000, 17 were directly related to fraudulent offers of employment or investment schemes. The findings underscore the increasing sophistication of cybercriminals who prey on individuals’ trust and their increasing reliance on technology for career advancement.
Phishing and credential harvesting remain the most common attack types affecting organizations, though a 31% decrease was observed from the previous year. For individuals, these were the second most common, often leading to unauthorized access to accounts. The report emphasizes that such incidents can lead to financial losses, data compromise, and even reputational damage for both individuals and businesses.
The NCSC stresses that while the overall number of incidents impacting smaller entities has decreased, the impact on those affected remains high. The report encourages all New Zealanders, from employees to business owners, to enhance their cyber security awareness and adopt robust practices to mitigate these ongoing threats.
