Report or respond to a cyber incident

What to do and who to contact when you need help with a cyber security incident if you are a government department or agency.

If you have been impacted by cyber incident contact:

The Cyber Incident Response Service is available to Victorian Government organisations only. Private individuals and business organisations should instead contact the Australian Cyber Security Centre.

Cyber incidents can affect any organisation at any time.

The most important thing is to act quickly. The sooner you respond, the better you can contain the problem and prevent harm.

The most common cyber incidents affecting Victorian Government organisations are:

  • phishing - spam emails that try to trick you
  • malware incidents (including ransomware) - virus software installed on your computer
  • denial of service attacks - where hackers block users from accessing a service they usually have access to
  • data breaches - caused by malicious cyber-attacks or human error

Report a cyber incident

Victorian Government organisations must report cyber incidents to the Victorian Government Cyber Incident Response Service.

Our service operates 24/7, 365 days a year and provides Victorian Government organisations with expert incident response support

Examples of cyber incidents that must be reported

All cyber security incidents that disrupt government systems or services must be reported even if the impact is minimal. This includes:

  • an unexplained outage (e.g. system become unavailable or not working as expected)
  • a compromise to government information (e.g. data or privacy breach)
  • cyber incidents affecting critical infrastructure and essential services providers

The Cyber Incident Response Service was established under the Victorian Government Cyber Security Strategy 2016-20. It's funded by the Department of Premier and Cabinet.

Respond to a cyber incident

If you believe you have experienced a cyber incident, contact your IT team (or your IT Security team, if you have one). Your IT experts should be able to help you respond to the incident.

If you need further assistance, contact the Victorian Government Cyber Incident Response Service:

If you are a private industry organisation, you can request assistance from the Australian Cyber Security Centre on 1300 CYBER1 (24/7).

Cyber incident response steps

  1. Investigate whether a problem has occurred. Talk with staff and review logs to determine whether a compromise has occurred.
  2. Fix the problem. Remove any viruses from your networks, or close identified gaps in your network. For example, remove an infected device from a network; take systems or databases offline while you investigate the incident.
  3. Double-check the problem is gone. Scan your networks to confirm that no viruses remain, or that gaps have been properly closed before restoring systems/services to operation.
  4. Review your response. What worked well and what didn't during the response process? Note the lessons learnt and update your incident response plan.

Cyber incident response plan

For more information about responding to cyber incidents, download a copy of the cyber incident response plan template for Victorian Government organisations:

Contact us

Ask for help if you are unsure about how to respond to a cyber incident by contacting the Victorian Government Cyber Incident Response Service:

Reviewed 07 January 2020

Contact the Cyber Security Unit

Department of Premier and Cabinet

Was this page helpful?