Report a cybercrime, cyber security incident or vulnerability.
Report

What are you looking for?

You can search for keywords to find pages that can help you e.g. scam
First published: 12 Feb 2026
Last updated: 12 Feb 2026

Content written for

Large organisations & infrastructure
Government

The Australian Government remains committed to strengthening cyber resilience across all Commonwealth entities.

Two key reports released this month – the 2024–25 Protective Security Policy Framework (PSPF) Assessment Report and the 2025 Commonwealth Cyber Security Posture Report – highlight progress is being made, though there remains more work to be done.

The PSPF Assessment Report shows 92% of entities achieved an overall rating of Effective compliance under its new compliance-based reporting model.

While information security scored highly, technology security, inclusive of cyber security remains an area for improvement, with 79% of entities reporting effective compliance.

The 2025 Commonwealth Cyber Security Posture Report highlights ongoing progress in implementing the Australian Signals Directorate’s Essential Eight mitigation strategies.

In 2025, 22% of entities reached Maturity Level 2 when compensating controls were considered – up from 15% in 2024, however entities have not reached parity with 2023 levels when 25% of entities reached Maturity Level 2. In November 2023, ASD increased and hardened the controls required to reach Maturity Level 2 in response to the threat environment. Other improvements include:

  • 90% of entities now have an incident response plan (up from 86%).
  • 82% have a cyber security strategy (up from 75%).
  • 91% have a planned body of work to improve cyber security.
  • 87% provide annual cyber security training to staff.

Stephanie Crowe, Head of the Australian Signals Directorate’s Australian Cyber Security Centre said: “Cyber security uplift is not a one-off exercise—it’s a continuous process. These reports show we’re heading in the right direction, but the threat environment is evolving, and so must we.”

Brendan Dowling, Deputy Secretary Critical Infrastructure and Protective Security said: “The Government is accelerating the security uplift of its most critical digital infrastructure under the Systems of Government Significance regime. Delivering this program is an important step in achieving our vision of government as an exemplar for good security.”

To strengthen their cyber resilience, entities are encouraged to:

  • Continue implementing ASD’s Essential Eight mitigation strategies to at least Maturity Level 2.
  • Prioritise effective logging to ensure entities are best placed to identify malicious activity
  • Implement strategies for managing legacy IT now and into the future
  • Ensure supply chain risk assessments are a core output for new IT procurements
  • Increase cyber security incident reporting and maintain a regularly tested incident response plan
  • Start preparing for Post Quantum Cryptography by locating and assessing algorithms that will need to transition to more secure forms of encryption.
  • Provide annual cyber security and privileged user training to staff.

These steps, combined with ongoing collaboration across government and industry, will help ensure Australia’s systems remain secure against evolving threats.

Was this helpful?
Yes this was helpful
No this was not helpful

Thanks for your feedback!

We welcome additional feedback below.

Was this information easy to understand?
Will you take action after reading this?
Did you find the information you were looking for?
Did the design and layout of this page meet your expectations?