More than a third of local councils across NSW are still without basic internal controls and governance arrangements for cyber security, the state’s auditor-general has revealed.
In its annual audit of the local government sector, the NSW Audit Office found poor management of cyber security at 58 of the state’s 128 local councils, nine county councils and 13 joint organisations.
“Fifty-eight councils have yet to implement basic governance and internal controls to manage cyber security,” the report [pdf] released on Thursday said.
It said this included “a cyber security framework, policy and procedure, register or cyber incidents, penetration testing and training”.
Bellingen Shire Council was singled out in the report for its lack of a cyber risk framework and policy (a repeat finding), as was Maitland City Council for having gaps in its cyber security controls.
Newcastle City Councils was similarly found to have no formal IT policies and procedures for cyber security, as well as access management and incident management.
Maitland City Council and Newcastle City Council were also found to have no cyber security awareness program.
While…
