OneCX Program blog

Protecting nsw.gov.au from cyber threats

Published:
15 October 2025
nsw.gov.au platform

Learn about the importance of cybersecurity, the role of NSW public servants and how nsw.gov.au is protected from cyber-attacks.

The OneCX Program, part of the NSW Digital Strategy, is making it easier for people to find and use trusted digital services on nsw.gov.au.

Every year, millions of people rely on nsw.gov.au to access government information and services. Whether it’s starting a business, checking school term dates, or getting emergency updates, customers expect information and services to be safe, reliable and always available. Protecting the platform is not just a technical responsibility. It’s a core part of building trust in government.  

In this blog, we’ll introduce you to cyber security, the role of public servants and how nsw.gov.au prepares for the evolving threats of cyber-attacks. 

Why cybersecurity matters

Cybersecurity refers to all the measures and practices used to protect systems and information from unauthorised access or attack. It ensures information remains confidential, accurate, and available. All of which are critical when people are depending on government services.  

A cyber-attack is a malicious and deliberate attempt to disrupt or gain unauthorised control of an individual or organisation’s systems and information. The impacts can be serious:

  • Service outages stop people from accessing critical information.
  • Financial loss due to the costs of recovery and response.
  • Identity theft or data breaches lead to reduced public trust.

The most common cyber-attacks include:  

  • phishing and smishing (SMS phishing): fraudulent emails or texts designed to steal information
  • malware: malicious software that damages systems or steals data  
  • cross-site scripting (XSS) attack: inserting harmful code into websites  
  • distributed denial of service (DDoS) attack: overwhelming a website with fake traffic so real users can’t get through. 

How nsw.gov.au stays secure

Keeping nsw.gov.au secure is an ongoing process. Guided by the NSW Cyber Security Policy and supported by Cyber Security NSW, the platform has security built into its foundations and continually adapts to new threats.

Our core platform security features include:

  • Secure by design: new features and technology undergo industry-standard vulnerability testing before release, so customers can trust services are safe from the start.
  • Secure operations: the platform is continuously monitored, with alerts and incident response processes ready to act if threats appear.
  • Security compliance: annual audits and monthly reporting ensure the platform meets NSW Government’s mandatory standards.
  • Security assessments: independent experts carry out penetration testing and simulate cyber-attacks, including DDoS, to ensure resilience under real-world conditions. 
Circular diagram showing nsw.gov.au platform security features, including four stages: security assessments, secure by design, secure operations, and security compliance.

Example: In a recent disaster recovery exercise, ethical hackers used 500 bots across 15 countries to simulate 10 million hits per second. nsw.gov.au stayed online. This proved the platform can withstand large-scale attacks. 

The Essential Eight

As a NSW Government digital asset, nsw.gov.au also follows the Essential Eight strategies developed by the Australian Cyber Security Centre.  

These measures are designed to:

  • prevent attacks: patching applications and operating systems, controlling macros, and hardening common tools like web browsers.
  • limit the extent of attacks: restricting admin access and requiring multi-factor authentication (MFA).
  • recover quickly: keeping daily backups so data and services can be restored without long disruptions.
  • remain secure and uninterrupted: auto-healing and scaling technologies allow the website to adapt to higher traffic and quickly replace failed servers.

For agencies, this means continuity of service. For customers, it means peace of mind that even in the face of attempted attacks, services and information remain secure and accessible. 

Graphic of the Essential Eight cyber security strategies showing three layers: prevent attacks (application control, patch applications, configure Microsoft Office macros, user application hardening), limit extent of attacks (restrict admin privileges, patch operating system, multi-factor authentication), and recover data and system availability (daily backups).

Did you know? In 2024, the average cost of a data breach in Australia was roughly $4.26 million AUD (IBM 2025, p. 11).

Beyond the financial impact, the real cost is the loss of trust when people cannot rely on your organisation to keep their information safe. This is why preventing breaches through strong cybersecurity is more effective and far less costly than repairing the damage afterwards.

Your role as a public servant

Technology alone can’t protect against every cyber threat. All NSW public servants play a role in safeguarding systems and customer data:

  • Use strong passwords and multi-factor authentication (MFA).
  • Identify and report cyber incidents or threats.
  • Complete mandatory cyber awareness training and stay up to date on best practices.
  • Handle sensitive and classified information with care.

Think of it like locking the front door to your house. It may feel like a small action, but it protects what’s valuable inside. In the same way, everyday cyber-safe habits protect the information and services that NSW citizens depend on, and together, they build trust in government.  

Learn more about cybersecurity

For the NSW Government, a strong approach to cyber security is crucial for customer confidence in digital services. Explore these resources to continue building your cyber awareness. 

References

IBM 2025, Cost of a data breach report 2025, IBM, viewed 30 September 2025, https://www.ibm.com/reports/data-breach 

Related OneCX Program blogs

OneCX Program blog
What tagging does behind the scenes on nsw.gov.au
Discover how tags connect content, power components, boost search, and prepare for future personalisation and reporting on nsw.gov.au.
OneCX Program blog
Simplifying information with Easy Read
Discover how Easy Read is making government content clearer and more inclusive—with simplified text, images, and a dedicated hub on nsw.gov.au.
OneCX Program blog
PDFs are almost never the answer
Guidelines and recommendations for the use of PDFs versus HTML content on the nsw.gov.au website.

Related information

Stay in touch with the OneCX program

Sign up to our newsletter for regular updates on the program rollout.

Download as PDFPrint this page
Top of page