Cyber threat actors regularly target governments in order to access official ICT systems and data holdings.

In addition to cyber-attacks, ICT systems failures can significantly disrupt services heavily dependent on data-related infrastructure and communications such as the emergency services' ability to respond to an emergency.

Examples of significant events include the extreme threat posed by the BlueKeep remote desktop protocol vulnerability to Microsoft systems across government and an attack on ICT systems of hospitals and health services in Gippsland and south-west Victoria, both in 2019.

All links in the table below will open in a new window.
Publish year Assurance activity Summary Organisation
2014 Emergency Response ICT Systems (External link) An audit to assess how ICT systems and processes are used to deliver an emergency service response in Victoria. The audit found what worked well and what areas could improve about ESTA, Victoria Police, Ambulance Victoria and CFA ICT systems and capacities. Victorian Auditor-General's Office
2017 ICT Disaster Recovery Planning (External link) An audit of the effectiveness of ICT disaster recovery processes of Victoria Police and four departments providing essential government services. This report concluded that the audited organisations did not have sufficient assurance that they can recover and restore all their critical systems in the event of a disruption or disaster. Victorian Auditor-General's Office
2018 Department of Premier and Cabinet Annual Report 2017–18 (External link) A progress report on the actions set out in the Victorian Government’s Cyber Security Strategy 2016–2020. This strategy aimed to improve the cyber resilience and governance in government and major infrastructure and service providers, and included a whole of government Cyber Incident Response Service. Department of Premier and Cabinet
2019 Security of Water Infrastructure Control Systems (External link) An audit examining whether control systems in the water sector are secure, it reviewed governance arrangements over these control systems for four water providers: Barwon Water, Melbourne Water, Victorian Desalination Plant and Yarra Valley Water. Victorian Auditor-General's Office
2020 ACSC Annual Cyber Threat Report: July 2019 to June 2020 (External link) An identification of key cyber security threats targeting Australian systems and networks, and case study examples of malicious activity targeting Australian networks, between July 2019 and June 2020. It provides mitigation advice that all Australians and organisations can take to defend against these threats. Australian Cyber Security Centre
2021 ACSC Annual Cyber Threat Report (External link) An identification of key cyber threats affecting Australian systems and networks, with strategic assessments, analysis, and case studies to describe malicious cyber activity affecting Australian networks between July 2020 an June 2021. It provides mitigation advice to Australians and organisations can take to protect their networks from cyber threats. Australian Cyber Security Centre
2022 Administration of Critical Infrastructure Protection Policy (External link) An assurance audit that examines whether the Department of Home Affairs, as policy and regulatory lead, has an effective approach to protecting Australia’s assets of national significance and supports asset owners and operators to improve their resilience to attacks. It makes seven recommendations aimed at: the use of risk management to inform decision-making; establishing an engagement strategy; having appropriate performance measurement; improving the existing framework to manage compliance; and support and review the effective use of all available regulatory tools. Australian National Audit Office
2022 The Commonwealth Cyber Security Posture in 2022 (External link) A report on the implementation of cyber security measures across the Commonwealth government for the period January 2021 to June 2022, its findings indicate that the cyber security posture across the Commonwealth is well-established in some areas but requires improvement in others. Australian Government
2022 ACSC Annual Cyber Threat Report 2021-22 (External link) A report that provides an overview of key cyber threats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online. It identifies 7 key cyber security trends in the 2021–22 financial year. Australian Cyber Security Centre
2023 Cybersecurity: Cloud Computing Products (External link) An assessment of a select a range of agencies, including government departments, a local council, a water authority, a health service and other entities approach to cybersecurity, the report makes 7 recommendations to address weaknesses and improve cybersecurity. Victorian Auditor-General's Office