Auditor-General finds NSW universities failing to meet cyber security, funding benchmarks
Seven of NSW’s 10 universities are failing to meet their own standards for cyber security, an audit has revealed, facing up to 300 incidents in a single year.
Tertiary
Don't miss out on the headlines from Tertiary. Followed categories will be added to My News.
Seven of NSW’s 10 universities are failing to meet their own standards for cyber security, an audit has revealed, facing up to 300 incidents in a single year despite spending billions on salaries for non-academic staff.
The NSW Auditor-General’s latest report on universities identifies cyber security deficiencies as a “key issue” and a significant financial risk, finding seven of the 10 face cyber security risks “above what they have determined as an acceptable risk level”.
“The volume of incidents ranged from a minimum of two solitary incidents identified by one university over the full year, to a maximum of 300 incidents identified and responded to by another university,” the report found.
Four of the universities audited did not have programs in place to improve security, and one uni not only failed to meet its own standards or have an improvement prgram in place, but was also the only one that had not allocated a budget for cyber security “uplift”.
The universities in question were not identified by name in the report, partly to protect their weaknesses from being exploited.
The troubling findings come as Australian universities spend more of their budgets than ever on administrative staff, the number of which has blown out by 72 per cent in less than 30 years, and three weeks after an attack on Western Sydney University that compromised the personal information of 7500 students was revealed.
The WSU hack is one of several high-profile incidents in recent years, including a data breach at the University of Wollongong in December 2023, and a third-party data breach in August that year affecting University of Sydney students and applicants.
Successive reports by the Auditor-General have for years stressed the need for universities to urgently address security gaps, and last year revealed two out of 13 universities and large subsidiaries suffered financial losses from cyber incidents in 2022.
Australian Strategic Policy Institute cyber technology expert Mike Bareja said the findings should be concerning to university leaders and all Australians.
“The research that’s being done in universities is critical to our national security and strategic direction,” he said.
“Take for example our cutting edge quantum computing research – losing that through theft would be a huge loss for our national interests.”
The lack of priority given to cyber security in the higher education and research sectors was in stark contrast with the banking sector: “It’s a resource-intensive endeavour, but they see it as an investment,” Mr Bareja said.
“Any organisation that is holding information of value should have the necessary resources and money allocated to protecting it.”
Do you have a story for The Daily Telegraph? Message 0481 056 618 or email tips@dailytelegraph.com.au
Sydney Uni clashes with pro-Palestine activists on new protest rules
The University of Sydney administration has once again clashed with pro-Palestine activist students and staff, this time over new rules explicitly banning encampments.
Sydney uni boss was warned radical group on campus
Jewish leaders have accused University of Sydney vice chancellor Mark Scott of failing to act on warnings a radical Islamist group had infiltrated the pro-Palestinian encampment as early as May.