An audit found councils are not effectively managing cyber risks. Photo: Shutterstock
Vulnerable New South Wales local councils are “not effectively” managing cyber security risks, the Audit Office of NSW has warned, after a review identified “unmitigated risks to the security of information and assets” due to significant gaps in the councils’ cyber security capabilities.
The Cyber Security in Local Government audit, which reviewed risk management and cyber security operational processes at three unnamed state councils, identified a laundry list of shortcomings – including finding that none of the reviewed local governments have up-to-date plans and processes to enable them to detect, respond to, and recover from cyber incidents.
None of the councils had assessed the business value of their information and systems to help prioritise cyber security efforts, and none had assigned cyber security responsibilities for their core systems.
Just one of the three councils had a formal plan to improve cyber security, while none were effectively managing third-party cyber security risks – an often devastating blind spot that has seen organisations like
