The NSW Government has delivered a new cyber security Strategy to reinforce all-of-government coordination to protect against key risks, with a strengthened focus on securing critical infrastructure and third-party supply chains.
This strategy builds on the foundations of the 2021 strategy, which supported the state in responding to over 500 cyber threat notifications across government and training more than 190,000 employees in cyber awareness. In February 2023, the NSW Government put in place an updated NSW Cyber Security Policy,
The 2026–2028 NSW Government Cyber Security Strategy reshapes how government protects and oversees its systems by establishing clearer roles and tighter coordination between government agencies and stronger central supports.
The strategy also outlines a new assurance framework, strengthened audit responsibilities and faster, standardised reporting of cyber incidents, building on mandatory 24-hour reporting that commenced in August 2025.
The strategy guides NSW Government departments, public service agencies and statutory authorities. It does not formally extend to state-owned corporations, non-government organisations, local government or universities.
Five strategic objectives
The strategy includes five strategic objectives: strengthen risk management, governance and compliance; improve incident response and cyber intelligence capability; uplift cyber resilience; drive continuous development of cyber security tools, processes and methodology; and support NSW communities to be cyber safe.
To achieve these objectives, NSW Government agencies will improve OT and IoT risk management to protect critical government infrastructure, systems and community-facing services; streamline cyber intelligence products and threat detection software by reducing duplication across agencies; and identify and prioritise protection of critical assets, aligning with recognised frameworks to strengthen resilience.
Agencies will also adopt a modern defensive architecture approach applying secure-by-design and zero trust principles to improve cyber resilience; align cyber incident response and business continuity plans with the State Cyber Security Emergency Plan; and embed a strong security culture through tailored programs and practical guidance that empower all staff to adopt and maintain cyber-safe behaviours.
Maintaining trust is 'essential'
Minister for Customer Service and Digital Government, Jihad Dib, said with more people relying on digital government services than ever before, protecting data and maintaining trust is essential.
“As cyber threats become more complex, ‘set and forget’ is not an option," he said.
"This strategy allows us to adapt and respond to the ever-changing cyber risk landscape."
_(27).jpg&h=142&w=230&c=1&s=1)
_(21).jpg&h=142&w=230&c=1&s=1)
.jpg&w=100&c=1&s=0)
