The cost of cyberbullying in New Zealand has more than doubled since 2018.
A new Netsafe report, based on a survey of 1000 Kiwis by economist Shamubeel Eaqub’s Sense Partners, says cyberbullying costs New Zealand an estimated $1.1 billion per year - more than double the last survey in 2018.
Netsafe CEO Brent Carey says cyberbullying involves costs such as lost productivity, extra sick days and GP visits.
Eaqub says the $1.1b figure is the product of conservative assumptions and methodology and the true cost is likely higher.
Carey says complaints have risen over the past survey five years ago in part because the social media platforms have become more pervasive but also partly because victims now feel more comfortable reporting abuse.
The report also says official reports capture only a fraction of financial losses from online scams and frauds.
Crown agency Cert NZ said in its most recent report Kiwis lost a total of $22.4 million to online scams, fraud and other cyber incidents in the year to June 30.
For the year to June 30, 2022, it fielded reports of incidents totalling $17.7m in losses.
For the same period, Netsafe was approached by victims who had online fraud and scam losses totalling $35.6m.
But based on police and Ministry of Justice research that estimates nine out of 10 cybercrime incidents go unreported, Netsafe’s report says: “Conservatively the true cost of online fraud could be over $200m-$470m a year.”
“The fraud part is really concerning. Most is not reported and that fills me with fear,” Equab told the Herald.
His report says: “We need better reporting and to not treat online crime differently from other crimes.”
The Netsafe report, based on fieldwork carried out in April this year, taps a similar vein to a demographically weighted survey of Horizon Research survey of 1039 adult New Zealanders, which found 7 per cent had been the victim of a cybercrime - which extrapolates to 258,000 Kiwis. Ten per cent (or 385,000) had suffered fraud related to a bank account (the Herald recently reported on six victims who allegedly lost a combined $1.25m to international scammers via a Whanganui “money mule”; read the latest on banks’ efforts to tighten protections - critics say belatedly - here).
Cert NZ, by contrast, has had fewer than 2000 incidents reported to it in each of the past three quarters.
Director Rob Pope earlier told the Herald: “We [Cert NZ] understand that the report numbers are just the tip of the iceberg.”
Some people are too sheepish to admit they’ve clicked on a malicious link. Others simply don’t know Cert NZ exists as a cyber-triage unit for individuals and small businesses. Some companies fear reputational damage.
Part of the solution would be better resourcing for police, who were often too overwhelmed in other areas to respond meaningfully to many of the victims who had approached the Herald.
“Crime is increasing in every realm that the police deal with,” Equab said.
“Australia and Singapore are trying to do things with a dedicated resource,” he added.
Australia’s 2023 Budget included A$86.5m ($94m) to establish a new National Anti-Scam Centre, and A$46.5m earmarked to establish a co-ordinator for cyber security to co-ordinate multi-agency efforts.
Funding for the office of the e-Safety Commissioner (Australia’s equivalent to NZ’s Netsafe) was also quadrupled with an A$131m injection (or five times Netsafe’s public funding) on a per capita basis.
“We should try to do the same. Where is the urgency?” Eaqub said.
A March InternetNZ survey found more than half of Kiwis are confused about where to report a cyber incident.
Netsafe is the approved agency for the Harmful Digital Communications Act 2015 (HDCA). It liaises with the big social media platforms to resolve issues involving the likes of cyberbullying, harmful content and hate speech (with the option to escalate disputes to the district courts).
Is it muddying the waters for Netsafe to devote part of its efforts to online fraud and scams - which many would more naturally see as the home of Cert NZ (the Government’s Computer Emergency Response Team).
“People report scams to us because we’re well known to the public. We have no wrong door. We’re a trusted port of call,” Netsafe chief executive Brent Carey said.
“The two of us [Netsafe and Cert] need to co-ordinate and triage those reports. But 15,000 of our 26,000 reports are related to scams, and people are expecting Netsafe to do something to help them. So the demand is there. And if we shifted that demand to Cert, could Cert cope with 15,000 mums and dads contacting them?”
In a July Cabinet paper, GCSB Minister Andrew Little proposed folding Cert into the GCSB, National Cyber Security Centre (NCSC). Little said the change would give Cert NZ more oomph and address the fact that “the current system is fragmented, creating a ‘merry-go-round experience for business victims’ of cybercrime”.
Cert was duly moved under the GCSB’s umbrella last month.
But another proposal from that July Cabinet paper is still up in the air.
Currently, Netsafe, a non-profit, non-governmental organisation, draws some of its funding from corporates and philanthropy, but the bulk from the Ministry of Justice and the Ministry of Education.
The paper said: “To better ensure alignment of the Government’s security and social cohesion priorities, we propose consolidating NetSafe funding arrangements in the Department of Internal Affairs, consistent with DIA’s role in digital safety and online harm.”
Retired District Court Judge David Harvey, a cyber-specialist who consulted with the Law Commission on the legislation that shaped Netsafe’s current role, questioned that move in comments to the Herald.
“The funding shift for Netsafe seems to have no rationale expressed other than that for some years DIA has been leading a comprehensive review of New Zealand’s media content regulation system [that continues] and that folding Netsafe’s funding into the DIA from its original sources with the Ministry of Education and the Ministry of Justice would seem to place Netsafe under the eye of the DIA. Netsafe’s role as Approved Agency is under the HDCA and that Act is administered not by the DIA but by the Ministry of Justice,” Harvey said.
“The concern that I have is that a government department - which already administers the Films, Videos and Publications Classification Act and is engaged in investigative activity regarding objectionable content - is expanding the scope of its interests and operations to the wider area of content which at present is not governed by law (other than the HDCA). One of the major principles behind the HDCA was to keep its administration separate and distinct from the state. That is why an NGO is the Approved Agency.”
Netsafe’s independence from government departments was crucial to its role in moderating internet content, Harvey said. To put it under the thumb of the DIA could hold risks to freedom of expression.
There are also more immediate meat-and-potatoes issues.
Netsafe’s Justice Minstry funding runs through until 2026.
But CEO Brent Carey says its contract with the Ministry of Education expires in June next year.
“Usually we’d be doing a Budget bid [to the ministry] right now,” Carey said.
“The timing is messy because that Cabinet paper was July 3 and we’re now in caretaker mode, waiting for the next Government.”
His most positive take on events is that Netsafe will continue to draw private funding - allowing it to maintain its independence as an NGO - but with a possible all-of-government contract rather than having to bob between departments. But as things stand, it’s not clear how things will resolve.
Under Carey’s new-broom leadership, Netsafe has increased its staff numbers to 30.
The agency had $4.4m in funding last year and has scope to tap more from the Justice Ministry if has to deal with more complaints.
But Cary says Netsafe is fielding around 20 per cent more reports each year against the backdrop of two increasing pressures. One is that complaints are getting more and more complex in nature, the other is the social media platform’s safety teams “have been impacted from resourcing” - a diplomatic way of saying that X (formerly Twitter) CEO Elon Musk gutted his company’s moderation and safety teams, and all the other social media platforms have followed suit, to some degree.
Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.
OPINION: Economic and fiscal forecasts demand more aggressive reform.