New report shows cyber-related crimes on the rise in NZ
New report shows cyber-related crimes on the rise in NZ
New Zealand’s National Identity & Cyber Community Support Service
Over 300,000 Kiwis had their identities stolen in the past 12 months and approximately 200,000 of them had their stolen identities actively misused by the thieves.
Only 7.6% of people reported the theft to Police.
These statistics are part of a report issued today by IDCARE, New Zealand’s national identity and cyber community support service. IDCARE was launched by the Minister of Justice in March 2015. IDCARE is a joint government-industry community support service initiative that operates on both sides of the Tasman.
The report is based on IDCARE’s household survey of 3,500 Kiwis, plus the experiences of clients that engaged its services throughout 2016.
It is the second report IDCARE has compiled. The first was in 2014, and this latest one shows cybercrime is on the rise in New Zealand.
IDCARE managing director, Professor David Lacey, says each theft equates to a loss of nearly $10,000.
He said almost every incident is preventable.
See the report’s results summarised below, or see the full report (www.idcare.org).
Key Household Survey Findings
• 6.1% (~ 200,000 residents) of New Zealanders aged 18 and over have experienced some form of identity compromise, and then a subsequent misuse of that information, over the past 12 months.
• 8.3% (~310,000 residents) of New Zealanders aged 18 and over believed their identity had been compromised over the past 12 months.
• Only 7.6% of New Zealanders surveyed who had experienced a compromise and/or misuse had reported the event to New Zealand Police. This is down from the 2014 responses.
• On average, it took New Zealanders 18 hours to respond to their identity and cyber-crime related event.
• $9,832 was the average financial loss experienced per identity compromise and misuse event.
• 83% of respondents that experienced an identity crime event felt extremely dissatisfied with how organisations treated them in response to their event.
• 27% of New Zealanders experienced some form of mental health impacts that required professional support following the event.
• Approximately half of all survey respondents (including those that had not experienced identity compromise and misuse) believed that they would experience this crime at some point in their lives.
Key IDCARE Client Experience Findings
In addition to conducting a household survey of 3,500 residents (results above), IDCARE collated the experiences of clients that engaged its services throughout 2016. From a total of 3,542 contacts over the past 12 months, the experiences of community members are summarized as follows:
• The most popular credentials targeted by identity thieves impacting New Zealanders were passports (49%), driver licences (35%) and bank account details (32%).
• Approximately a third of clients experienced misuse of their personal information in the unauthorised access of their bank accounts.
• The most prevalent form of identity compromise came from the theft of physical credentials (27%), followed by telephone scams (21%) and website scams (16%).
• It took on average New Zealanders 17 days to detect the compromise of their identity credentials and criminals approximately 72 hours to misuse these details.
• 94% of New Zealanders detect the compromise of their identity information first (before an organisation).
Observations from the Managing Director
• The incidence of identity and cyber-related crimes impacting the New Zealand community is on the rise. Over 300,000 New Zealanders experienced such crimes over the past 12 months, an increase of 0.2% of adults since 2014.
• The harm from identity and cyber-related crimes, including mental health impacts, appears largely connected with the standards of response organisations adopt in New Zealand.
• This was a disappointing finding from the study and one that is echoed each day at IDCARE by clients who engage across the community seeking support and guidance.
• Whilst a little over one in four misuse events result from stolen wallets, purses and documents, there is a growing trend around online and telephone scams. These tend to originate offshore and add continued complexities in their investigation and resolution for individuals and organisations.
• Most of the data breach events responded to throughout 2016 originated from attacks from offshore. In some instances, the attacking source had previous indicators of being associated with phishing and spamming but were not detected.
• Ransomware attacks also increased, particularly amongst accounting and medical practices. Small businesses continue to be a growing target of ransomware attacks and the ability to respond and restore is almost completely dependent on whether they business backs up their systems on separate devices and offline.
How to avoid identity and cyber-related crimes
• Almost every compromise is preventable.
• As consumers, New Zealanders need to be selfish and investigate before they take action.
• In the majority of cases where the compromise was not a physical theft of credentials, the individual had direct contact with the criminal – in other words, they actually facilitated the compromise of their personal information because they believed what the criminal was telling them. This can be avoided by not responding to someone who approaches you online or offline asking for your details.
• Ask someone. Call for help. Consumers shouldn’t feel pressured into acting without getting advice first from family, friends, even IDCARE (0800 201 415).
• Make sure you have anti-virus on all internet enabled devices, including smart phones (and yes including Apple). Make sure it is up to date.
• Watch where you keep and store your personal information. Avoid keeping scanned copies of licences and passports on email accounts.
• For organisations – plan for the worst – making up a data breach plan when it happens is not when you should plan. Call IDCARE to assist and visit privacy.org.nz to get some great materials from the Privacy Commissioner’s Office.