NSW government connected third-party cyber attacks quadruple over 2 years

NSW government third-party-linked cyber attacks have quadrupled over the last two years, according to a new report.

As per figures obtained by ITNews through the NSW Government Information Public Access (GIPA) Act, the number of recorded cyber attacks impacting third-party organisations used by the NSW government is four times higher than it was just two years prior.

The findings say that there were 17 cyber incidents linked to third-party organisations used by the NSW government in the 2023–2024 financial year, over double the number recorded in the FY2022–2023 and over quadruple the number recorded in the FY2021–2022.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“The number of incidents stemming from systems owned or managed by a third party almost tripled, and data breaches associated with third-party compromises are increasing as well,” said NSW chief cyber security officer Andrew Karvinen, with findings sourced from the Cyber Security NSW third annual Government Cyber Threat Report.

The GIPA notification says that incident data only began being reported and recorded by Cyber Security NSW in 2021, after it adopted a “structured framework” that allowed it to more easily identify incident types, such as third-party incidents.

In total, Cyber Security NSW responded to over 200 cyber incidents in the 2024 fiscal year, making differentiating their types crucial for the future of state cyber security.

Responding to a requested breakdown of the numbers, the Department of Customer Service (DCS) said: “The NSW Cyber Security Policy and its associated guidance require NSW government agencies to effectively manage cyber security risks related to third-party service providers.

“This includes implementing key measures such as embedding cyber security requirements into contractual agreements and conducting vendor risk assessments to evaluate and mitigate potential threats.”

Going forward, Cyber Security NSW is set to benefit from $87.7 million that was pledged by the state government, to be delivered over a four-year period. This will add to the existing $20.3 million investment from last year.

VIEW ALL

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

NSW government connected third-party cyber attacks quadruple over 2 years

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED