What's a cyber security incident?

 A cyber security incident is a breach of the security rules that puts – or has the potential to put – your information or the systems you use at risk.

This could include:

  • attempts to gain unauthorised access to a system and/or data
  • unauthorised use of systems for the processing or storing of data
  • unauthorised extraction of data or system information
  • changes to a system’s firmware, software, or hardware without the system owners’ consent.


Some common types of incidents:

  • Phishing – when cyber criminals try and trick you into giving them money, information, or access to your organisation's system(s). For example, pretending that your bank account has been locked and you need to re-enter your credentials. Phishing attacks can come as fake emails, text messages or phone calls, and sometimes as a combination of all three.
  • Malicious Software (‘Malware’) – software that cyber criminals use to access and spy on your devices, or even take control of them.
  • Ransomware – a type of malware that encrypts (locks up) your files so you can’t access them. It can also completely stop your devices or system from working. Cyber criminals then ask you to pay money to get your files unlocked. 
  • Identify theft – when someone pretends to be you online. They use your details to steal personal or organisational information and use it to their benefit.
  • Distributed Denial of Service (DDOS) – a type of attack where cyber criminals use lots of computers to overwhelm your online connections. If this kind of attack is successful, it can cause your systems to shut themselves off and can be unavailable for some time.

Signs you might have a problem

It’s not always obvious that a cyber security incident has taken place. While some things, like encryption of data or a ransomware attack are easy to spot, other incidents can slip under the radar.

The best way to stay on top of what’s happening in your systems is to always have robust alerting in place. If you’re from a small to medium sized organisation, your IT vendors are responsible for this and it’s a good idea to ask about what security monitoring and alerting they have in place.

There are sometimes other signs that something may not be right with your IT systems, although these things alone are not enough to confirm a cyber security incident is taking place. These can include:

  • Unexpected changes to important files or other records.
  • Your internet connection and/or network is running slower than normal.
  • A device is behaving strangely, for example it is turning itself off and on.
  • You can’t log on to your computer or into your network as normal.
  • You can’t access applications or your data as normal

If you experience any of these and think it could be something more sinister, reach out to your IT vendors to check what they’re seeing. This helps to validate if it is a cyber security incident or a performance issue, which should be resolved either way.

More information about cyber security & incidents

It can be hard to know where to start when thinking about cyber security incidents! There are lots of resources available online to help you understand more.

CERT NZ have guides available to help you understand different types of attacks, and also have information about how you can start to build a protected environment.

At the heart of all cyber security incidents is the risk of data not being private and secure. Take a look at the Privacy Commissioner to learn about your responsibilities.

And finally, keep coming back to the Cyber Hub for more information! Te Whatu Ora will continue to publish more information about cyber security incidents, how to prepare and how to respond should anything ever take place.