{"id":187811,"date":"2026-02-16T08:07:00","date_gmt":"2026-02-16T13:07:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/16\/govt-agencies-fail-to-report-cyber-incidents-information-age\/"},"modified":"2026-02-16T08:10:09","modified_gmt":"2026-02-16T13:10:09","slug":"govt-agencies-fail-to-report-cyber-incidents-information-age","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/16\/govt-agencies-fail-to-report-cyber-incidents-information-age\/","title":{"rendered":"Govt agencies fail to report cyber incidents | Information Age"},"content":{"rendered":"<p><a href=\"https:\/\/ia.acs.org.au\/article\/2026\/govt-agencies-fail-to-report-cyber-incidents.html\">Govt agencies fail to report cyber incidents | Information Age<\/a><\/p>\n<p><a href=\"https:\/\/ia.acs.org.au\/article\/2026\/govt-agencies-fail-to-report-cyber-incidents.html\">https:\/\/ia.acs.org.au\/article\/2026\/govt-agencies-fail-to-report-cyber-incidents.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-16 08:07:00<\/a><\/p>\n<p>Source Domain: <a href=\"ia.acs.org.au\">ia.acs.org.au<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>\t    The Australian Signals Directorate study found public servants not escalating cyber incidents. Photo: Shutterstock<\/p>\n<p>\t    Federal government entities are not reporting cyber incidents to the country\u2019s main intelligence agency and more than three in four still haven\u2019t put basic protections in place, a new report has found.<br \/>\nThe Australian Signals Directorate\u2019s (ASD) Commonwealth Cyber Security Posture in 2025 was tabled in Parliament last week after being handed to the government late last year.<br \/>\nIt details the level of cybersecurity measures implemented across the near-200 government entities, based on a survey of these agencies.<br \/>\nThe report reveals low rates of cybersecurity incident reporting to ASD.<br \/>\nIn 2024-25, just 35 per cent of entities said they reported at least half of all cybersecurity incidents that were observed on their networks.<br \/>\nUnder Protective Security Policy Framework (PSPF), Australian entities are required to report \u201csignificant or externally reportable\u201d cybersecurity incidents to ASD.<br \/>\n\u201cThe low rate of reporting may be due to a proportion of entities experiencing a high number of low-impact incidents, which they do not consider to meet the reporting threshold,\u201d the report said.<br \/>\nReporting to ASD has slightly improved from last year, but dropped from 42 per cent in 2022-23.<br \/>\nMany public sector workers are also not reporting cyber incidents to their higher-ups, with nearly 40 per cent not reporting four in five cyber incidents to senior executives.<br \/>\nBasic cyber protections<br \/>\nThe report also details the number of agencies that have implemented the Essential Eight cyber mitigation strategies.<br \/>\nJust over one in five entities have reached Level 2 maturity under the Essential Eight.<br \/>\nThe Essential Eight spans four maturity levels, with level 2 focusing on preventing malicious actors \u201cwilling to invest more time in a target and\u2026in the effectiveness of their tools\u201d.<br \/>\nThe agencies particularly lag when it comes to application control, user application hardening and multi-factor authentication, which only 34 per cent had implemented.<br \/>\nThe presence of legacy technologies and systems is the main thing agencies said is holding them back in implementing the Essential Eight, with nearly 60 per cent listing this as the main impediment, followed by a lack of dedicated funding and a lack of a viable replacement.<br \/>\n\u201cFindiings in this report indicate that, overall, Australian government entities have established corporate governance mechanisms to understand their security risks and prepare for cyber threats,\u201d the ASD report said.<br \/>\n\u201cThe findings also indicate improvement is required in some areas and progress in others.\u201d<br \/>\nThe dangers of legacy tech<br \/>\nASD said that legacy IT presents \u201csignificant and enduring risks to the cybersecurity posture of government entities\u201d.<br \/>\nMore than 80 per cent of government entities now have a cybersecurity strategy, up from three-quarters in the previous year.<br \/>\nAnd more than 90 per cent have addressed potential cybersecurity disruptions in their business continuity and disaster recovery planning, and nine-in-ten have an incident response plan.<br \/>\nWhile the majority of entities provide annual cybersecurity training, less than half also provide annual privileged user training.<br \/>\nASD responded to 408 cybersecurity incidents reported to it by entities in 2024-25, accounting for a third of all incidents it responded to in the year.<br \/>\nA recent Audit Office of NSW inquiry into local governments found that many were \u201cnot effectively\u201d managing cybersecurity risks, presenting an \u201cunmitigated risk to the security of information and assets\u201d.<br \/>\nThe federal government has launched its 2023-2030 Cyber Security Strategy with an aim to make Australia one of the most cyber-secure nations in the world by the end of the decade and legislated the country\u2019s first Cyber Security Act in late 2024.<br \/>\nThis made it law to report ransom payments to the government and included initiatives to boost collaboration with the government during cybersecurity incidents.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Govt agencies fail to report cyber incidents | Information Age https:\/\/ia.acs.org.au\/article\/2026\/govt-agencies-fail-to-report-cyber-incidents.html Publish Date: 2026-02-16 08:07:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":187812,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/ia.acs.org.au\/content\/dam\/ia\/article\/images\/2025\/aus%20flag%20digital.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-187811","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187811"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=187811"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187811\/revisions"}],"predecessor-version":[{"id":187813,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/187811\/revisions\/187813"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/187812"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=187811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=187811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=187811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}