Report or respond to a cyber incident

What to do and who to contact when you need help with a cyber security incident if you are a government department or agency.

If you or your businesses have been impacted by a cyber incident you should contact the Australian Cyber Security Centre

Cyber incidents can affect any organisation at any time.

The most important thing is to act quickly. The sooner you respond, the better you can contain the problem and prevent harm.

The most common cyber incidents affecting Victorian Government organisations are:

  • phishing - spam emails that try to trick you
  • malware incidents (including ransomware) - virus software installed on your computer
  • denial of service attacks - where hackers block users from accessing a service they usually have access to
  • data breaches - caused by malicious cyber-attacks or human error

Report a cyber incident

Victorian Government organisations must report cyber incidents to the Victorian Government Cyber Incident Response Service.

The service operates 24/7, 365 days a year and provides Victorian Government organisations with expert incident response support.

Examples of cyber incidents that must be reported

All cyber security incidents that disrupt government systems or services must be reported even if the impact is minimal. This includes:

  • an unexplained outage (e.g. system become unavailable or not working as expected)
  • a compromise to government information (e.g. data or privacy breach)
  • cyber incidents affecting critical infrastructure and essential services providers

The Cyber Incident Response Service was established under the Victorian Government Cyber Security Strategy 2016-20. It's funded by the Department of Premier and Cabinet.

Respond to a cyber incident

If you work in government and you believe you have experienced a cyber incident, contact your IT team (or your IT Security team, if you have one) - they will be able to help you respond to the incident.

If you are a private industry organisation, you can request assistance from the Australian Cyber Security Centre on 1300 CYBER1 (24/7).

Cyber incident response steps

  1. Investigate whether a problem has occurred. Talk with staff and review logs to determine whether a compromise has occurred.
  2. Fix the problem. Remove any viruses from your networks, or close identified gaps in your network. For example, remove an infected device from a network; take systems or databases offline while you investigate the incident.
  3. Double-check the problem is gone. Scan your networks to confirm that no viruses remain, or that gaps have been properly closed before restoring systems/services to operation.
  4. Review your response. What worked well and what didn't during the response process? Note the lessons learnt and update your incident response plan.

Cyber incident response plan

For more information about responding to cyber incidents, download a copy of the cyber incident response plan template for Victorian Government organisations:

Victorian Government cyber incident response plan template
Word 758.59 KB
(opens in a new window)

Updated