Why Australian state governments need stronger cyber defence

Australians have been victims of numerous cybersecurity breaches in recent years, with major businesses across sectors dominating headlines. However, cyber criminals are not only targeting large corporations — they are also going after federal, state and local government organisations, seeking prized access to personal data and commercially sensitive information.

This year alone, the Legal Practice Board of Western Australia, the Australian Human Rights Commission, the New South Wales Department of Communities and Justice, The Australian New Zealand Clinical Trials Registry, the Australian National University, and the Muswellbrook Shire Council have all reported breaches. As threats accelerate and global supply chains become more interconnected, cyber resilience must be seen as a matter of both national security and economic competitiveness. This responsibility falls on all private and public sector entities across Australia.

Australian policymakers are aware of the growing threat landscape. State governments are wisely increasing their IT and cybersecurity spends, while the federal government has led reforms such as the Australian Signals Directorate’s Cyber Security Partnership Program. The public consultation process for Horizon 2 of the 2023-2030 Australian Cyber Security Strategy is an ongoing initiative, seeking to embed robust cybersecurity standards across society and strengthen national resilience through collaboration. By building on these examples through greater collaboration, integrated systems, and more efficient approaches, state governments can strengthen their defence. Let’s take a look at the key priorities for modernising cybersecurity across agencies.

Breaking down silos in state cybersecurity

Siloed security systems across state government agencies (such as justice and policing, health, or education) can lead to duplicated efforts, slower response times, and project overspends. State government agencies need to consider moving away from these fragmented approaches and shift to more consolidated security operations into a unified, AI-powered platform.

Collaboration in the private sector can bring additional expertise, knowledge sharing and threat intelligence that many state government agency IT departments cannot be expected to be across by themselves. Public and private collaborations enable scalable, sustainable security modernisation, ensuring state agencies can adapt to threats while managing resources effectively.

Practical considerations for modernisation

Moving towards a more modern cybersecurity strategy requires more than new technology; it demands a shift in how governments think about efficiency, risk, and accountability. A few considerations stand out as particularly important:

• Cost rationalisation: Fewer tools mean lower licensing, maintenance and training costs.
• Simplified operations: A unified security platform reduces administrative burden.
• Safely leveraging AI: Tracking and monitoring AI usage for every employee.
• Faster threat response: AI-driven automation speeds up detection and mitigation.
• Improved compliance: Centralised visibility enables continuous monitoring for reporting and compliance obligations.
   

Pooling capabilities across agencies amplifies these benefits. Collective resilience ensures that emerging threats are met consistently, rather than leaving individual agencies at different levels of preparedness.

Harnessing AI and automation responsibly

AI and automation are transforming the way organisations defend themselves against cyber threats, and state governments have much to gain from these developments. Modern AI engines are capable of analysing and triaging millions of potential incidents every day, something no human team could ever manage. By automating the routine but critical tasks of detection, analysis and initial response, AI frees up human experts to focus on the most complex and high-stakes challenges.

The impact is already visible in environments where AI is fully embedded in security operations. Key performance metrics such as Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) can be reduced dramatically, sometimes to less than a minute from detection to resolution. For governments, this kind of speed is invaluable. It can mean the difference between a contained incident and a widespread disruption to public services.

Of course, technology alone is not the solution. Partnerships between public agencies and private innovators are essential to ensure that AI is deployed responsibly, with transparency and accountability built in. Used well, AI is a tool for catching up to cyber criminals and a way for state governments to get ahead of them.

Securing the cloud as state governments modernise

As state governments modernise their digital infrastructure, cloud adoption is accelerating. From hosting citizen services to managing sensitive data, cloud platforms now sit at the core of many agency operations. But while the cloud provides scalability and flexibility, it also introduces new risks that traditional security models are not designed to handle.

International standards offer one pathway for assurance. For example, the FedRAMP High Authorisation framework in the United States provides a benchmark for how sensitive but unclassified data can be secured in cloud environments. Aligning with such frameworks helps ensure that governments in Australia and across the Asia Pacific maintain high levels of protection even as their systems become more interconnected.

Public and private partnerships are utterly essential. The pace of cloud innovation makes it difficult for state agencies to secure these environments alone. Working with trusted vendors helps ensure compliance, agility and built-in security, without adding complexity or risking visibility gaps.

Stronger states, safer citizens

Cybersecurity has moved to the centre of state governance. Australians expect that the personal information they entrust to government will be kept safe, and any failure to deliver on this expectation undermines both public confidence and national resilience. For states, the challenge is to respond to today’s threats and prepare for the risks of tomorrow.

By breaking down silos, harnessing the power of AI responsibly and securing cloud environments with rigour, state governments can build stronger, smarter, and more sustainable defences. None of these steps can be taken in isolation, they require cooperation across agencies, alignment with federal frameworks, and close collaboration with trusted industry partners.

The message is clear: modernising state government cybersecurity is a critical investment in protecting citizens.

Image credit: iStock.com/JuSun