Cyber Security Strategy 2018–22

We will deliver the cyber capabilities needed to safeguard our customers’ information and payments.


Cyberspace is the digital fabric that connects:

  • individuals
  • organisations
  • corporate and government entities.

Cyberspace has changed a lot in the last 20 years. We rely on it to deliver essential government services.

We’ve taken important steps to improve our cyber security capability. This ensures the integrity of our infrastructure, systems and data.

To improve our cyber capability, we need to:

  • keep pace with the unpredictable threats of cyberspace so we can use more digital services
  • make sure our digital transactions and customer information are always safe.

Our plan

The Cyber Security Strategy 2018–22 helps us deliver safeguards for customer information and payments.

Our cyber security vision: excellence in cyber security to ensure Australians can safely access government services.

Guiding factors

There are 5 key factors that guide our strategy:

Cyber threats aren’t static

Cyberspace changes all the time and threats increase.

Organisations can’t just build and maintain a stable level of cyber capability. We need to adjust our capability to match growing threats.

Privacy and data security are critical

We’ve seen an increase in privacy and data security threats through:

  • recent ransomware attacks
  • the rising number of innovative hacking incidents.

To keep data safe we need to protect access to information and maintain confidentiality. It’s our duty to safeguard our customers’ information.

Cyber defences need new approaches and technologies

Our defensive controls play a vital role, but cyber criminals can overcome them. We can detect and reduce malicious activity using:

  • active hunting
  • machine learning
  • artificial and cognitive intelligence.

Collaboration is key

We operate within a large cyber ecosystem, which includes:

  • our customers
  • service delivery partners
  • shared services tenant agencies
  • ICT service providers
  • other government agencies.

Weakness in one part can lead to vulnerability in others.

We need a cyber-skilled workforce

Forecasts predict a national and global shortage of cyber security professionals.

We’ll face pressures to fill and maintain future workforce needs.

The changing landscape

Our business

As we shift to digital channels, the risk for malicious cyber activities increases.

We’ve fast-tracked the rollout of digital services. This means:

  • most of our customers will be able to use our digital channels
  • they won’t need to contact us
  • we’ll deliver our ICT framework in a secure way
  • we’ll be able to act on emergency situations or major changes.


Global reports show an increase in cyber security threats. These threats come from:

  • organised criminal groups
  • disaffected individuals
  • nation states.

Insider threats can also be a serious problem.

Reports of cyber security breaches are now commonplace in mainstream media. There are 3 types of cyber security breaches:


This is where an email looks safe but has malicious software. It activates if the recipient clicks a link or attachment. This continues to become more persistent and sophisticated.

Data breaches

This involves unauthorised access and transfer of large quantities of sensitive data.

Identify theft

Criminal groups try to steal personal information and may try to stop your access to online services.

Denial-of-service attacks – which aim to prevent online services being available to users – are also a considerable threat.

What this means

We’re changing the way we process payments and deliver services. Our focus on digital services means there is an increased risk of cyber threats.

To deal with this we must:

  • review our approaches to cyber security often
  • invest in technology, people and processes.

Public awareness of cyber security threats and risks has increased. While this is good news, it adds pressure to protect the information we hold about our customers.

To counter this, we need to increase our staff’s level of security awareness. Cyber security will become a fundamental ingredient of how we do business in the future.

We need to cooperate with government agencies and the private sector to defend against malicious cyber activity. We will do our best to contribute to these efforts.

Our strategic goals

To achieve our cyber security vision we’ll focus on 4 goals.

Defend government services and payments

We will take measures to enhance our ability to detect and respond to cyber threats.

We will improve the protection of:

  • our networks
  • payment systems
  • data
  • services – including our Cyber Security Operations Centre.

Accelerate cyber security capability development

We will improve existing systems to secure our ability to deliver payments and services. We will embrace new technologies and capabilities to meet future cyber threats.

Grow and develop cyber smart people and processes

Our workforce underpins our ability to deliver services in a safe way to Australian citizens in cyberspace.

We need to manage cyber security staff in terms of:

  • recruitment
  • training
  • leadership
  • culture.

Our workforce must become cyber savvy. Everyone needs to play their part to defend our systems and data from unlawful activity.

Foster robust partnerships and communities of excellence

We support Australia’s Cyber Security Strategy. Read it on the Department of Home Affairs website.

We will explore ways to share and cooperate with government agencies and the commercial sector.

Page last updated: 10 December 2021