Skip to main content

Cyber Security Strategy

Victorian Government 2016-2020

Cyber security refers to measures relating to the confidentiality, availability and integrity of information and data that is processed, stored and communicated by electronic or similar means, protecting it and associated systems from external or internal threat.

Transcript download: PDF (48KB) or DOCX (108 KB)


To develop and implement cyber security capabilities, we must preserve and improve the:


› protection of sensitive citizen and other data against loss, malicious alteration, and unauthorised use

› resilience of government services, systems and infrastructure to cyber threats

› continuity of government during and following serious cyber incidents

› protection and security of new digital services for citizens

› coordination of our response to threats against infrastructure, and

› security and viability of Victorian Government core infrastructure.

Strategy overview

Formal executive support and leadership is critical to achieving the required outcomes.

The state’s cyber security challenges require a sustained focus and Whole-of-Victorian-Government collaboration.

Establishing and maintaining appropriate levels of cyber resilience is an ongoing and long-term challenge and commitment.

For most government entities, achieving and sustaining an appropriate level of cyber resilience is too complex a challenge to achieve on its own.

The co-operative three-year planning cycle will provide the opportunity to identify use of shared and common services and build capability based on effective cyber expenditure, supporting sustainable outcomes.

Government wants to leverage its relationships, its internal capability and industry expertise.

Buying intelligently and mitigating identified capability gaps will lead to greater efficiency and stronger cyber resilience than the current piecemeal approach.

Cyber expertise and awareness are critical to preventing and reducing costly and disruptive cyber incidents.

Developing and maintaining the right balance between in-house cyber security skills and the required level and appropriate use of managed security services is required.