Detecting and responding to cyber security incidents

A report released today by the Auditor-General for New South Wales, Margaret Crawford, found there is no whole-of-government capability to detect and respond effectively to cyber security incidents. There is very limited sharing of information on incidents amongst agencies, and some agencies have poor detection and response practices and procedures.

'I am concerned that incidents will go undetected longer than they should, and opportunities to contain and restrict the damage will be lost', said the Auditor-General.

Cyber security incidents can harm government service delivery and may include theft of personal information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent.

Given current weaknesses, the NSW public sector’s ability to detect and respond to incidents needs to improve significantly and quickly.

'The NSW Government needs to establish a clear whole-of-government responsibility for cyber security that is appropriately resourced to ensure agencies report incidents, information on threats is shared and the public sector responds in a coordinated way', said Ms Crawford. 

Further information

Barry Underwood, Director, Office of the Auditor-General, on 9275 7220 or 0403 073 664 and email barry.underwood@audit.nsw.gov.au.