
At-risk NSW government agencies have not set deadlines to address cyber issues

A state audit has revealed that a large majority of assessed NSW government agencies have cyber risk levels above their capabilities, and a large majority of those have no set deadlines for fixing these issues.

Daniel Croft
Fri, 04 Oct 2024

The audit was conducted as part of the NSW Cyber Security Policy, which was launched in 2019.

As part of the NSW Auditor-General’s report released earlier this week (2 October), the state reviewed the cyber security standing of 26 government agencies.

According to the report, of the 20 agencies that evaluated their cyber security risks, 18 assessed that “their cyber security risks were above their appetites”.


Additionally, 14 of those 18 had no set deadlines for resolving the issues but had implemented “open-ended time frames”.

Four of the 26 agencies did not provide high-risk extra cyber awareness training, three agencies had not mandated annual cyber security training or defined their training requirements, and two agencies had no funded plans to improve their cyber security at all.

The overall finding when it came to identifying and recording cyber risks was that agencies need to consolidate their methods of recording risks and reporting them.

“Despite similar frameworks, agencies have taken different interpretations of how to define and record risks,” said the report.

“The number of cyber security risks recorded by agencies ranged from one to 298. While some variance would be expected due to the size and complexity of agencies, risk registers ought to be at a level that informs and supports decision making rather than simply a list of all known vulnerabilities or potential incidents and causes of incidents.”

The report also concluded that for agencies that emphasise the importance of mandatory cyber awareness training, completion rates were low.

“Where it has been mandated that staff complete awareness training, agencies reported actual completion rates between 66 per cent and 100 per cent (22 agencies). One agency could not provide statistics on their rates of completion,” the report said.

Not including the three agencies that do not mandate the training at all, 13 of the agencies send non-completion notifications to staff managers, while the other nine inform staff directly.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
