New Zealand Ransomware Statistics

What are New Zealand's leading cybersecurity statistics?

According to recent studies, ransomware has become the most dangerous cybersecurity threat facing New Zealand businesses today. CERT NZ's latest Q1 2025 report shows New Zealanders lost $7.8 million to cybercrime, which is a 14.7% increase from Q4 2024's $6.8 million.

For small and medium enterprises (SMEs) across New Zealand, understanding and preparing for this cybersecurity threat isn't just optional; it's essential for business survival.

Modern Ransomware Operations

Modern threat groups operate as organised crime businesses. And, like legitimate businesses, they come complete with customer service, payment processing, and franchise models.

The Rise of Ransomware-as-a-Service

The biggest game-changer has been "Ransomware-as-a-Service" (RaaS). Skilled developers create ransomware tools and rent them to less technical criminals called "affiliates." The affiliates run the attacks and split profits with the developers, typically 60-40.

This franchise model has dramatically increased attacks on small and medium businesses. Previously, cybercriminals focused on large corporations because they required significant technical skill and resources. Now, anyone can purchase a ransomware kit and target smaller, easier victims.

Double Extortion

Modern attackers do not just encrypt your data; they steal it first. This means even if you have perfect backups, they can still threaten to leak your customer information, financial records, or business secrets unless you pay. This "double extortion" tactic has made ransomware far more devastating than traditional data loss.

Triple Extortion

Thought double extortion was bad enough? Triple extortion is where cybercriminals go one step further. After first demanding payment to decrypt your files, then threatening to leak your stolen data, the criminal groups directly target the people whose information was stolen. They contact your clients, customers, or patients individually and threaten to release their sensitive personal data unless a ransom is paid.

This data could be medical records, financial information, personal images, videos, or other private details. This tactic puts enormous pressure on businesses because it directly harms the people they serve, often forcing companies to pay even when they have good backups and security measures in place.

The Impact on New Zealand Businesses

Ransomware can destroy a small business in ways that go far beyond the initial ransom demand. New Zealand has seen several high-profile attacks that demonstrate this reality. The 2021 Waikato DHB ransomware attack paralyzed hospital systems for weeks, affecting patient care across the region. Internationally, we have seen companies like UK freight firm KNP pay their ransom but still collapse, and Travelex pay US$2.3M yet still go out of business months later.

The National Cyber Security Centre's (NCSC) latest Q1 2025 report shows cybercrime continues to escalate, with $7.8 million in direct financial losses reported, up 14.7% from the previous quarter. This represents the second-highest financial loss in a quarter ever recorded by the NCSC. The report shows that 28% of cybersecurity incidents resulted in financial losses, demonstrating how costly these attacks have become.

For SMEs conducting business in New Zealand, the impact includes immediate costs from system downtime, lost sales, emergency IT support, and potential ransom payments, plus long-term damage from customer loss, reputation harm, and regulatory fines if customer data is exposed under the Privacy Act 2020.

Essential Cyber Security Protection for New Zealand SMEs

Protecting against ransomware doesn't require enterprise-level budgets, but it does require the right approach.

Based on guidance from CERT NZ and the NCSC, here are the critical defenses every small business in New Zealand needs:

1. Bulletproof Backups

Your most important defence is backups that criminals cannot reach or destroy. Follow the 3-2-1 rule: keep three copies of important data, store them on two different types of media, and keep one copy completely offline or offsite.

Test your backups regularly, because discovering they do not work during an attack is too late.
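The 3-2-1 rule and the restore-testing advice above can be checked against a backup inventory. The following is an added example, not part of the original article: the inventory, the copy names, and the 90-day threshold for "regularly" are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_RESTORE_TEST_AGE_DAYS = 90  # assumption: the article only says "regularly"

@dataclass
class Copy:
    name: str
    media: str                  # e.g. "disk", "tape", "cloud"
    offsite: bool               # stored away from the primary site
    offline: bool               # not reachable from the production network
    is_backup: bool = True      # False for the live production copy
    last_restore_test: Optional[date] = None

def check_321(copies, today):
    """Return a list of findings; an empty list means the dataset passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} media type, need 2")
    if not any(c.is_backup and (c.offsite or c.offline) for c in copies):
        findings.append("no offline or offsite backup copy")
    for c in (c for c in copies if c.is_backup):
        if c.last_restore_test is None:
            findings.append(f"{c.name}: restore never tested")
        elif (today - c.last_restore_test).days > MAX_RESTORE_TEST_AGE_DAYS:
            findings.append(f"{c.name}: restore test is stale")
    return findings

def audit(inventory, today):
    return {ds: check_321(copies, today) for ds, copies in inventory.items()}

# Constructed sample inventory (hypothetical names and dates).
TODAY = date(2025, 6, 1)
INVENTORY = {
    "accounts": [
        Copy("file-server", "disk", False, False, is_backup=False),
        Copy("office-nas", "disk", False, False, last_restore_test=date(2025, 5, 10)),
        Copy("cloud-bucket", "cloud", True, False, last_restore_test=date(2025, 4, 2)),
    ],
    "crm": [
        Copy("crm-server", "disk", False, False, is_backup=False),
        Copy("second-disk", "disk", False, False, last_restore_test=date(2024, 11, 1)),
    ],
}

if __name__ == "__main__":
    for ds, findings in audit(INVENTORY, TODAY).items():
        print(ds, "OK" if not findings else findings)
```

An offsite cloud copy satisfies the rule as written, but a copy that the production network can still write to or delete is one an attacker with stolen credentials can also reach, which is why the `offline` flag is tracked separately.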

2. Strong Authentication

Implement multi-factor authentication (MFA) on all business accounts, especially email and cloud services.

Use strong, unique passwords with a password manager. Most ransomware attacks succeed because of weak or stolen passwords.

3. Keep Systems Updated

Install security updates promptly on all computers, servers, and software.

Criminals constantly scan for unpatched vulnerabilities they can exploit. Enable automatic updates where possible, and set up a routine for checking critical systems weekly.

4. Email Security

Since most attacks begin with phishing emails, invest in advanced email filtering that blocks malicious attachments and links before they reach your staff.

Train employees to recognize suspicious emails and establish clear procedures for reporting them.

5. Network Protection

Segment your network so attackers cannot easily spread from one computer to all your systems. Install endpoint detection software that can identify and stop ransomware behaviour.

Consider managed security services if you do not have internal IT expertise.

6. Staff Training

Your employees are both your weakest link and strongest defense.

Conduct regular training on recognizing phishing emails, using strong passwords, and reporting suspicious activity. Run simulated phishing tests to identify who needs additional training.

7. Incident Response Plan

Develop a clear plan for what to do if you are attacked. Know who to call, including CERT NZ, your IT provider, and your cyber insurance company, if applicable.

Know how to isolate infected systems, and how to communicate with customers. Practice this plan with your team before you need it.

Conclusion

Many small businesses try to handle cybersecurity entirely in-house.

Consider working with cybersecurity experts who understand New Zealand's regulatory environment and can provide professional penetration testing to find vulnerabilities before criminals do, carry out security assessments tailored to your industry and size, provide incident response support when attacks occur, and offer ongoing monitoring and threat intelligence.
