But Roberts said the true scale of losses is likely to be much greater.
“We know only a small proportion of losses are reported to us,” he said.
“We urge people to be cautious online because bad actors are always waiting for an opportunity to steal money or information.”
Roberts said many of these losses again came from scams and fraud.
“Particularly through business email compromise – where an attacker targets the email systems of a business to obtain money or information – and unauthorised money transfers. This is consistent with what we saw in the previous quarter,” Roberts said.
More than half of the losses reported to the NCSC were to businesses.
“We have seen that cyber criminals are often targeting organisations that manage large financial transactions, like law firms and real estate agencies,” Roberts said.
NCSC said 1369 incident reports were recorded by the agency in the first quarter, an increase of 0.8% compared with the previous quarter.
Scams and fraud made up the most reported incident category with 486 total reports, followed by phishing and credential harvesting with 440.
Roberts encouraged individuals and businesses to report incidents to the NCSC.
“Our staff have deep expertise in analysing cyber threats, and we can help people respond to and recover from incidents,” he said.
“The reports we receive also help us to gain a better picture of the current threat environment. This information shows us where we can best focus our efforts to protect New Zealanders online.”
Last month, the NCSC said it estimated Kiwis lost $1.6 billion to online threats in 2024.
The numbers were extrapolated across the adult population from its annual survey, which found 54% of adult New Zealanders had experienced an online threat in the last six months of 2024, with 830,000 suffering some financial loss.
The average amount lost per attack was $1260.
