The NSW government has embarked on a redesign of its cyber response and threat intelligence foundation, including incident and emergency response frameworks to enable faster and better coordinated action during significant cyber events.
Marked as a work-in-progress, the reforms follow a recent review that identified issues around processes, escalation pathways and post-incident practices, the NSW government wrote in its new cyber security strategy for 2026-2028.
As part of reforms effective August last year, NSW departments and agencies are now subject to mandatory incident reporting.
Now, incidents must be reported to Cyber Security NSW within 24 hours of their detection and classification for timely escalation and visibility across government.
A revised incident categorisation matrix is to be embedded into the response frameworks, along with business continuity planning.
Speeding up the delivery of relevant intelligence and insights, Cyber Security NSW will provide threat assessment models three times a year instead of annually.
Agencies are also required to develop a lifecycle management plan for all "Crown Jewel" ICT assets, from software, operational technology, internet of things to cloud, under Directive DCS-2025-04, by June 30 this year.
Unpacking the revised strategy
At a high level, the state's new cyber security strategy sets out five different objectives, which the NSW government said will underpin a resilient public sector cyber security posture.
The first two aim to strengthen risk management, governance and compliance while improving incident response and cyber intelligence capability.
Uplifting cyber resilience is another objective, along with continuous development of security tools, processes and methodology.
Supporting NSW communities for cyber safety is the fifth objective, which the government said can be achieved by building confidence and trust, and promoting identity resilience to support individuals caught up in data breaches.
NSW customer service and digital minister Jihad Dib said that trust is at the heart of every interaction between government and the people it serves.
"As our services become increasingly digital, it is essential that people feel confident that their data is secure, their privacy respected and their experience valued," Dib said.
Overall, the strategy will seek to reinforce all-of-government coordination to protect against key risks, while securing critical infrastructure and third-party supply chains, the document stated.
Cyber Security NSW chief Marie Patane said the new strategy provides a clear and practical roadmap for strengthening cyber resilience in the state's public sector.
"It recognises that cyber security is not solely a technical challenge, but a leadership and organisational responsibility that requires strong governance, informed decision making and consistent, shared standards across government," Patane said.
Patane joined Cyber Security NSW from Sydney Metro in February last year.
Over the years, the NSW state government has published several cyber security edicts.
This includes in 2018 [pdf] which focused on risk, 2021 which aimed to join resilience and industry development, and most recently, a cyber security policy for 2023-2024 [version 6.0, pdf] which set mandatory requirements and baselines, to be updated periodically.
_(22).jpg&h=140&w=231&c=1&s=0)
_(23).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
