The National Cyber Security Centre (NCSC) Cyber Threat Report 2025 was published today.
Watch a Video on the report generated by Google Notebook here.
New Zealand organisations are facing a rapidly intensifying cyber threat environment, with state-sponsored attackers, financially motivated criminal groups and activist hackers all increasing their activity, according to the latest Cyber Threat Report 2025 released by the National Cyber Security Centre.
The report paints a clear picture. Cyber incidents are no longer isolated technical events. They are affecting business continuity, financial stability, public trust and in some cases, national security. Over the last year, the NCSC handled almost 6,000 incident reports, with more than 300 requiring specialist investigation due to their potential national impact. These included ransomware attacks, state-linked intrusions, supply chain compromises and politically motivated disruption campaigns.
One of the most serious findings is the continued targeting of New Zealand by foreign state-linked actors. These groups are not chasing money. Instead, they are seeking intelligence, access and long-term control of digital systems. The report highlights activity linked to advanced threat groups such as Volt Typhoon and Salt Typhoon, which have been linked internationally to attacks on energy providers, telecommunications networks and government infrastructure. Similar techniques have now been seen in local environments, particularly against VPN systems, cloud services and senior public sector accounts.
Financially motivated cybercrime has also escalated. Ransomware continues to be the most damaging type of criminal activity reported. Direct financial losses recorded during the year reached $26.9 million, up sharply from the year before. The true cost is likely much higher once downtime, recovery effort and reputational harm are accounted for. Small and medium-sized businesses are particularly exposed. More than half reported experiencing at least one cyber threat during the year, with many still lacking basic protections such as multi-factor authentication and reliable backups.
Another growing concern is the exploitation of supply chains. Rather than attacking businesses directly, cyber actors are increasingly compromising vendors, service providers and software platforms to gain access downstream. The report describes multiple examples where attackers posed as helpdesk staff or vendors to trick employees into handing over login details. Once inside, attackers moved laterally through systems or used stolen credentials to launch extortion campaigns.
Hacktivism also rose sharply during the year. Distributed denial-of-service attacks were linked to political developments overseas, including actions taken by the New Zealand Government on international conflicts. Financial institutions, media outlets, utilities and transport providers were among the sectors affected. While many of these attacks caused limited technical damage, the report notes that reputational harm and customer confidence were often impacted.
Despite the sophistication of some attacks, the report is clear on one point. Many breaches still succeed because of basic weaknesses. Unpatched systems, reused passwords and exposed remote access continue to be easy entry points. In one case, New Zealand Police identified 19 local organisations running a known vulnerable system. Two had already been compromised before fixes were applied.
The NCSC is urging organisations to move beyond a checklist approach and focus on resilience. That includes understanding what systems are truly critical, knowing who has access, improving monitoring and practising incident response before a real emergency happens. Cyber security is no longer just an IT issue. It is now a leadership and governance responsibility.
For many businesses, the message is confronting but simple. Attacks are increasing, tools are becoming cheaper and more automated, and delays in patching can be fatal. Organisations that invest early in security hygiene, monitoring and response planning are far more likely to detect threats before they turn into disasters.
Contact us today to discuss how Incident Response Solutions can help your organisation prepare for, respond to or recover from cyber incidents.
Incident Response Solutions 