Cyber-attacks on New Zealand computers and networks have more than doubled over the last five years, data released under the Official Information Act shows.

The figures, released to the Herald by New Zealand's National Cyber Security Centre (NCSC), which forms part of the Government Communications Security Bureau (GCSB), reveal a jump in reported cybersecurity incidents since the centre became operational in September 2011.

In 2011, there were 90 reported cybersecurity incidents. A cybersecurity incident is considered to be an attack, or an attempted attack, against a computer or network that harms, or may potentially harm, the confidentiality, integrity, or availability of network data or systems.

In 2012, the number of cyber-attacks jumped to 134 and in 2013 there were 219.


The latest available figures show 190 cybersecurity incidents over 2014/15 after a change in reporting by calendar year to financial year.

The figures revealing the extent of the problem come as Communications Minister Amy Adams earlier this month said one in five Kiwis were affected by cybercrime in the last year.

At a global cost of around $600 billion a year, cybercrime is now bigger than the global drugs trade.

Prime Minister John Key has said New Zealand is constantly dealing with cyber-attacks that have been sponsored by foreign countries and terror groups.

"We're attacked by extremists and terrorists, and issue-motivated activists. Others include lone cyber hackers and disgruntled insiders. There are multiple kinds of threats and cyber harms," he said earlier this year.

At a cybersecurity summit in Auckland, Key said more than 856,000 Kiwis are affected by cybercrime each year, at an estimated cost to New Zealand last year of $257 million.

The NCSC, which provides "enhanced cybersecurity services" to the New Zealand government and private sector organisations to help them defend against cyber-borne threats, records reported cybersecurity incidents from affected groups, researchers, IT security partners, as well as "local and international partners" and the GCSB's "Cortex" cybersecurity programme.

The Government has poured millions into protecting New Zealand's $231 billion GDP from cyber-attack.


In May, it pledged $22m for the setting up of the Computer Emergency Response Team (Cert) which will receive cyberincident reports, track incidents and cyber-attacks, and provide advice and alerts on how to respond to and prevent attacks.

Spark said last month that 130,000 customer email addresses may have been compromised in Yahoo's massive 2014 data breach.

And earlier this month, NCSC reported the number of Kiwi domains caught up in a global data hack of popular US online file hosting service Dropbox has been estimated at 120,000.

A KPMG test on the cybersecurity of New Zealand businesses recently found one in 10 Kiwis could fall for a phishing attack - the practice of sending an email pretending to be from a reputable group to trick individuals to reply with personal information, such as passwords and credit card numbers.

KPMG conducted a phishing experiment with 35 organisations, who agreed to be involved, with a total of 8333 staff.

It found that 12 per cent of people clicked on the link and, once through to the website, 8.4 per cent entered their password details.

"If the phishing emails had been real, then cyber-criminals would have acquired the passwords of a significant number of people in every organisation," said Philip Whitmore, head of KPMG Cyber.

However, new research released today by InternetNZ shows that more than two thirds (72 per cent) of Kiwis are aware of the risks around personal security on the internet.

It also found that a staggering 94 per cent of New Zealanders check the internet at least once a day, with a third of Kiwis constantly connected online.

"We hope that high awareness of the importance of security will see people take measures to stay safe online," said InternetNZ chief executive Jordan Carter.

"With new advancements on the Internet - and with the release of many network-connected household devices - it is necessary that security is a top priority for internet users."