Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Local councils still lack cyber preparedness, NSW auditor-general’s report warns

Assessing the cyber preparedness of three local councils, the NSW audit office has found that local government is failing to identify and manage cyber risks, warning of consequences to communities and local infrastructure.

user icon Liam Garman
Wed, 27 Mar 2024
Local councils still lack cyber preparedness, NSW auditor-general’s report warns
expand image

Local councils are failing to effectively implement risk management processes and cyber security policies, a recent NSW Auditor General’s Report has found.

Cyber security in local government audited the cyber security performance of the City of Parramatta Council, Singleton Council and Warrumbungle Shire Council, finding that all three routinely exhibited gaps in basic cyber security management, putting local infrastructure and financial information at risk.

The report found that none of the councils implemented governance arrangements to ensure accountability for cyber risks, and that none assessed the business value of their information and systems.

The findings highlight data and cyber risk to ratepayers, with the councils failing to prioritise cyber activities mitigating exposure and vulnerabilities of their most exposed and important business systems.

The audit even uncovered that two of three councils did not have a plan to improve their cyber security posture, despite finding that “none of the councils have up to date plans and processes to support effective detection, response and recovery from cyber security incidents.”

Poor cyber security hygiene at local government can lead to the theft of information, denial of access to critical technology or even hijacking systems, the report warned.

Over the last year, several third parties used by local councils have been victims of cyber attacks, highlighting the ongoing risk to local councils.

In April 2023, HWL Ebsworth, a law firm contracted by several Australian government entities, suffered a widespread data breach. Just a month later, an enterprise technology provider for local councils saw illegal access to its Microsoft 365 back-office system.

In April 2022, a NSW local council suffered a ransomware attack impacting employee financial data and systems monitoring water quality, the report warned.

The revelation comes as the Audit Office’s Local Government 2023 report found that 50 local councils have not yet implemented cyber security frameworks and internal controls.

The report recommended that councils follow Cyber Security Guidelines for Local Government

Liam Garman

Liam Garman

Liam Garman is the managing editor of professional services, real estate and security at Momentum Media. He began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed international media campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to writing on politics and business, and holds a Bachelor of Commerce from the University of Sydney and a Masters from UNSW Canberra with a thesis on postmodernism and media ecology. 

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.