The reliance on information technology in modern government, in addition to the global interconnectivity between computer networks, has dramatically increased the risk of cyber security incidents. Such incidents can harm government service delivery and may include the theft of information, breaches of private information, denial of access to critical technology, or even the hijacking of systems for profit or malicious intent. These outcomes can have adverse impacts on the community and harm trust in government.

This report presents analysis of the New South Wales (NSW) Cyber Security Policy compliance data submitted by state agencies in 2024, along with insights into the cyber security environment drawn from selected reports published between 2018 and 2025. The report is a resource for the public sector. It provides insights into the challenges and opportunities for strengthening cyber resilience. 

The tactics of cyber actors are evolving, with the use of more advanced hacking tools, such as artificial intelligence. The risks associated with third–party systems have significantly increased in the NSW Government. The number of reported incidents involving third-party owned or managed systems has tripled in the last reporting year.

While cyber security governance in the NSW public sector has improved through broader adoption of policies and frameworks, there is still a critical need to:

• address unclear roles
• adequately identify information assets
• manage third-party cyber security risk
• address failures to meet basic protection standards
• perform phishing simulations more regularly
• align culture with cyber security environment to ensure controls are fit for purpose.