The Australian Signals Directorate (ASD) released its annual Commonwealth cyber security posture report for the 2024–25 financial year. The report highlighted significant gaps in cyber-threat reporting.
ITnews reports that only 35% of entities reported cyber security incidents to ASD, an increase from last year's 32%, but still relatively low.
Lack of reporting undermines the ASD's ability to promptly detect potential cyber threats before they become widespread. As the report states, "Any degradation in the quantity or quality of information reported to ASD reduces our capacity to support the entity to mitigate the impacts of cyber compromise".
The Protective Security Policy Framework (PSPF) requires non‑corporate Commonwealth entities to report significant or externally reportable cyber incidents. However, many low impact incidents continue to slip through the cracks, leaving an incomplete picture of the threat landscape.
While 62% of entities say they inform senior executives of at least 80% of incidents, reporting often stops at that level. This limited visibility makes it harder for ASD to maintain comprehensive threat intelligence and identify emerging attack patterns across government networks.
Underreporting increases the risk of cyber compromise and prevents the ASD from maintaining comprehensive threat intelligence across government networks. Emerging attack patterns can’t be properly identified or examined, potentially leaving vulnerable entities in the firing line.
Despite these challenges, ASD still notified government organisations 223 times in 2024–2025 about potential malicious activity detected through its own monitoring.
As cyber threats continue to evolve, accurate internal detection monitoring and timely reporting are essential. Expert support is available to ensure your organisation has the right safeguards in place.
Want confidence in your cyber security posture?
Call us on 1300 667 871 or get in touch via our Contact Us page.
