Australian Audit Failure November 01 2021

None of New South Wales lead cluster agencies have implemented all Essential Eight controls

Premier and Cabinet, Communities and Justice, Customer Service, Education, Planning, Regional NSW, Health, Treasury, and Transport

Audit Office of New South Wales Report: Compliance with the NSW Cyber Security Policy
Reported in: None of NSW’s lead cluster agencies have implemented all Essential Eight controls | ZDNet

Read more reports from Audit Office of New South Wales and other Audit Reports

The cybersecurity policy for New South Wales government agencies is not sufficiently robust which is a cause for “significant concern”, according to the state’s auditor-general Margaret Crawford.

• None of New South Wales lead cluster agencies have implemented all Essential Eight controls
• No participating agency has implemented all of the Essential 8 controls at level one or above
• The agencies have also failed to reach even level one maturity for at least three of the Essential Eight strategies

“Key elements to strengthen cybersecurity governance, controls, and culture are not sufficiently robust and not consistently applied. There has been insufficient progress to improve cyber security safeguards across NSW government agencies,” the auditor-general wrote in a compliance report about the state’s cybersecurity capabilities.

Crawford warned that overstating the effectiveness of an agency’s cybersecurity capabilities could undermine the ability to address cyber risks and ultimately expose them to cyber attacks.