Select Page

Audit: NSW’s local government audit found that 47% of councils did not have a cyber security plan | kirbyidau.com

Audit: NSW’s local government audit found that 47% of councils did not have a cyber security plan | kirbyidau.com

Australian Audit Failure June 13 2023

NSW’s local government audit found that 47% of councils did not have a cyber security plan

IT policies and procedures were outdated or not in place at 43 councils

Audit Office of New South Wales Report: Local Government 2022

Read more reports from Audit Office of New South Wales and other Audit Reports. All reports for Local Government in Australia

Poor management of cyber security can expose councils to a broad range of risks, including financial loss, reputational damage and breaches of data involving the unauthorised release of sensitive data and personally identifiable information.

The NSW Cyber Security Policy states that the term cyber security covers all measures used to protect systems and information processed, stored or communicated on these systems from compromise of confidentiality, integrity and availability.

A lack of cyber security maturity continues to be a sector-wide common audit finding among councils.

Cyber security findings were reported in 63 councils (2020–21: 65 councils) as they did not have at least one of the following basic governance and internal controls to manage cyber security such as having a:

  • cyber security framework, policy and procedure
  • register of cyber incidents
  • simulated cyber attack testing (penetration testing)
  • cyber security training and awareness program.

Forty-seven per cent of councils do not have a formal cyber security strategy/plan in place.

Our data collection from 30 June 2022 council audits identified that only 53% of councils have created a formal cyber security strategy/plan.

In response to previous audit recommendations, OLG released Cyber Security Guidelines for NSW local government on 19 December 2022. The guidelines:

  • allow councils to assess their cyber security maturity and their maturity uplift
  • outline cyber security standards and controls recommended by Cyber Security NSW for NSW local governments
  • can be adopted by councils or used to form the basis of an internally developed cyber security policy
  • are strongly recommended to councils for adherence but is voluntary with no requirement to report maturity scores to Cyber Security NSW.

Sixty-nine councils (47% of councils) do not have a formal cyber security plan. These councils need to prioritise creation of a cyber security plan, based on the OLG’s Cyber Security Guidelines for NSW Local Government, in order to ensure cyber security risks over key data and IT assets are appropriately managed and key data is safeguarded. All councils should update their cyber security plans based on the guidelines.

The risks associated with poor cyber security maturity are compounded by information technology control weaknesses and poor information systems security hygiene.

Recommendation to councils
All councils need to prioritise and create a cyber security plan in order to ensure cyber security risks over key data and IT assets are appropriately managed and key data is safeguarded.

Councils should refer to the ‘Cyber Security Guidelines for NSW Local Government’ released by the OLG.

NSW Audit Councils 2022

About The Author

Steven Kirby

I provide independent and practical consultancy services through raising awareness and fostering the energy for change that delivers improved business management of information security governance, risk and compliance.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow the Source link to the original article to support the content owner. We only provide a brief summary with metadata to assist in categorisation.

More Australian News

Delivery drivers losing cash to phishing scam prompts union warning | ABC News

Australian delivery drivers are being targeted in a sophisticated phishing scam in what the transport workers union says is already a vulnerable industry. #ABCNewsQld by Heloise Vyas Subscribe: http://ab.co/1svxLVE Read [...]

How two NSW students accessed 2,000 sensitive files

A pair of school students were able to access some 2,000 files containing data on other students’ mental health diagnoses, family circumstances, and … [...]

Film festival dumps address requirement after hack

Attendees of Melbourne’s most popular film festival will no longer need to provide a postal address when buying tickets after a recent data breach … [...]

The operational challenge: What the Mackay Sugar cyber attack reveals about Australia’s cyber readiness

Operational technology is vital to the bottom line of many Aussie companies – but it’s often forgotten when it comes to cyber security, one expert … [...]

How a notification wiped a business from social media | A Current Affair

Like most small businesses, Rebecca relies on social media for her brand. She spent years building her skincare line, even paying for ads on the platforms. But within seconds- it [...]

Key Trends in Cyber Security and Data Privacy (2026): a General Counsel lens

Cyber security and data privacy are now core governance tests - demanding clear decision-making authority, disciplined escalation and evidence … [...]

Australia’s New ADM Transparency Obligation: OAIC Signals a Broad Reading Ahead of December 2026

On 18 May 2026, the Office of the Australian Information Commissioner (OAIC) released its Issues Paper on the new automated decision-making (ADM) … [...]

Tracking pixels are one of many tracking tools that are often used by businesses to gain insights and target advertising effort across the internet … [...]

Legacy systems may be out of sight, but they're rarely risk-free. From forgotten databases to unsupported software, ageing technology gives attackers … [...]

Unfolding in real time: Artificial intelligence is reshaping cybersecurity

Key takeaways The cybersecurity capability of next-generation frontier artificial intelligence (AI) models is increasing rapidly. Large language … [...]

NSW Government Bulletin: Managing employee social media content in the public sector

Over recent years, the increase in social media activity across different platforms has facilitated opportunities for employees to comment on a broad … [...]

Shares
Share This

Discover more from Australian Cyber Aware

Subscribe now to keep reading and get access to the full archive.

Continue reading