Build resilience in government service delivery

Just as we are resilient to Queensland’s natural disasters, we need to be resilient to the cyber security threats facing our state.

Objectives

  • Prioritise the protection of critical government assets and services with targeted investment and initiatives.
  • Expand the delivery of common uplift services to strengthen the cyber security maturity across the sector.
  • Build the cyber threat intelligence function within the sector to further anticipate the evolution of cyber threats.
  • Enhance incident preparation, response and recovery and coordination for large scale events.
  • Promote supply chain cyber resilience for government.

1 in 8 reported cyber crimes in Australia affect state or local government. (Queensland Audit Office, 2024)

The challenge of complexity and fragility

The systems and information that governments depend on to deliver services are becoming more entwined in our way of life. Current and legacy systems are becoming more complex and, in some cases, more vulnerable. Our infrastructure and systems depend more and more on industry partners. The risk is statewide, but the systems are decentralised, and the response is sometimes fragmented.

New technologies including artificial intelligence are creating both opportunities and threats. Understanding and managing these complex, interconnected systems and the information they store and process in this volatile and uncertain environment is a huge task. By supporting cyber security enhanced investments and collaborating across the public sector and our supply chains, we have the best opportunity to overcome these challenges.

28 percent of cybercrimes reported in Australia happen in Queensland, the highest of an Australian state or territory. (Australian Signals Directorate, 2025)

Leading by example: Queensland Government’s role

We will develop and share cyber resilient behaviour patterns, to lead by example. These will reflect international better practice.
We'll update these patterns so they remain current as:

  • the cyber environment changes
  • we learn better ways to prepare for cyber events.

To reduce and manage risks and stay resilient, we will:

  • invest in, and build resilient systems and processes
  • engage with new technologies
  • promote a culture of cyber security excellence in our people and those we work with
  • use data and our systems, processes and infrastructure.

Working together

Cyber resilience depends on everyone playing their part. Organisations that provide services for Queenslanders, and our suppliers in the public, not-for-profit and private sectors all must keep building their cyber resilience.

Embedding cyber security into service delivery

We will embed cyber security into the foundations of customer facing digital services to ensure they’re:

  • secure
  • seamless
  • resilient.

This will enable innovation and empower the public sector to transform the customer experience without compromising safety, privacy or trust.

How we’ll get there

To deliver on our objectives, the Queensland Government will:

  • prepare and exercise incident management and response plans and embed cyber security fundamentals like threat intelligence, training and collaboration into the way we do business
  • expand and target the delivery of common cyber uplift services, advice, policy and guidance
  • leverage the Cyber Security Fund to address critical cyber security risks
  • support cyber enhanced digital and IT systems investments under the $1 billion Queensland Government Digital Fund by promoting ‘secure by design’ principles
  • create economies of scale and increase collaboration by making cyber security products and services available to Queensland Government including local government
  • adopt new technologies such as artificial intelligence and new approaches like ‘zero trust’ to strengthen preparedness, defences and cyber teams’ capability
  • educate small and family business on cyber threats and recovery strategies and connect them with resources, programs and support such as Cyber Wardens
  • develop cyber resilience across system lifecycles and supply chains by uplifting cyber risk management and improving procurement guidelines and tools to deliver sustainable, secure and resilient operations
  • maximise use of common cyber procurement panels and standing offer arrangements to promote common solutions, enable targeted engagement with pre-qualified suppliers and simplify purchasing for state and local government
  • support local cyber businesses by connecting suppliers and government to enhance government supply chains, maximise workforce opportunities and strengthen local capability.
Last updated:
12 November 2025