Recent threat intelligence provides useful insight into the cyber security environment facing New Zealand organisations. Data from Check Point Research indicates that, on average, organisations in New Zealand are experiencing approximately 1,689 attempted cyber events per organisation per week over the past six months, reflecting the scale and persistence of modern digital threats.
These findings illustrate how cyber activity has become a consistent operational consideration for organisations across all sectors.
Commonly Observed Vulnerabilities in New Zealand
The most frequently observed vulnerability type in New Zealand is information disclosure, affecting 58 percent of organisations. These vulnerabilities can expose sensitive information or system details that may be used by attackers as part of broader campaigns.
In addition, infostealer malware continues to feature prominently in the threat landscape. These tools are designed to collect credentials, authentication tokens, and other sensitive data, often from endpoints used in hybrid and bring-your-own-device (BYOD) environments. This type of malware is commonly associated with initial access activity rather than immediate disruption.
Ransomware Activity: A Change in Techniques
Ransomware remains a relevant risk for organisations globally and within New Zealand. Recent intelligence shows a shift in approach, with some threat actors placing greater emphasis on data-leak extortion alongside, or instead of, traditional system encryption.
This change reflects broader developments in the cybercrime ecosystem, including law-enforcement action against ransomware-as-a-service operations and increased attention to data protection obligations. Sectors such as healthcare, insurance, and education continue to be represented among reported incidents.
Focus on Edge Devices and Cloud Environments
Threat actors are increasingly observed targeting edge devices, such as network gateways and remote access appliances. These systems are often internet-facing and, if unpatched, can provide a pathway into internal networks.
Cloud environments are also a consistent area of focus. Configuration complexity, API security, and identity integration remain common challenges for organisations operating hybrid environments. In some cases, attackers are able to move between on-premises and cloud systems where security controls are not aligned.
Notable Cyber Incidents in New Zealand
Publicly disclosed incidents over the past two years highlight the practical impact of these trends. In March 2025, Vercoe Insurance Brokers reported a cyber incident that affected operations and raised the possibility of data exposure. Earlier incidents affecting Nissan Oceania also involved unauthorised access to systems supporting Australian and New Zealand operations.
While outcomes vary, these events demonstrate the importance of preparedness and visibility across digital environments.
Considerations for New Zealand Organisations
From a governance and risk perspective, cyber security continues to be an area requiring ongoing attention. Many organisations are focusing on:
Improving visibility over identity and access activity.
Maintaining patching and configuration hygiene for edge devices.
Reviewing cloud security and API controls.
Enhancing monitoring and incident response processes.
Taken together, these measures support a more informed and structured approach to managing cyber risk as part of normal business operations.
Talk to our cyber security team
BTG works with organisations across New Zealand to assess cyber risk, strengthen security controls, and improve operational resilience.
Contact our team to discuss your cyber security priorities.
