If you have been impacted by cyber incident contact:
- Individuals and private businesses should contact the
- Victorian Government organisations should contact the Cyber Incident Response Service on or
The Cyber Incident Response Service is available to Victorian Government organisations only. Private individuals and business organisations should instead contact the Australian Cyber Security Centre.
Cyber incidents can affect any organisation at any time.
The most important thing is to act quickly. The sooner you respond, the better you can contain the problem and prevent harm.
The most common cyber incidents affecting Victorian Government organisations are:
- phishing - spam emails that try to trick you
- malware incidents (including ransomware) - virus software installed on your computer
- denial of service attacks - where hackers block users from accessing a service they usually have access to
- data breaches - caused by malicious cyber-attacks or human error
Report a cyber incident
Victorian Government organisations must report cyber incidents to the Victorian Government Cyber Incident Response Service.
Our service operates 24/7, 365 days a year and provides Victorian Government organisations with expert incident response support
Examples of cyber incidents that must be reported
All cyber security incidents that disrupt government systems or services must be reported even if the impact is minimal. This includes:
- an unexplained outage (e.g. system become unavailable or not working as expected)
- a compromise to government information (e.g. data or privacy breach)
- cyber incidents affecting critical infrastructure and essential services providers
Respond to a cyber incident
If you believe you have experienced a cyber incident, contact your IT team (or your IT Security team, if you have one). Your IT experts should be able to help you respond to the incident.
If you need further assistance, contact the Victorian Government Cyber Incident Response Service:
Cyber incident response steps
- Investigate whether a problem has occurred. Talk with staff and review logs to determine whether a compromise has occurred.
- Fix the problem. Remove any viruses from your networks, or close identified gaps in your network. For example, remove an infected device from a network; take systems or databases offline while you investigate the incident.
- Double-check the problem is gone. Scan your networks to confirm that no viruses remain, or that gaps have been properly closed before restoring systems/services to operation.
- Review your response. What worked well and what didn't during the response process? Note the lessons learnt and update your incident response plan.
Cyber incident response plan
For more information about responding to cyber incidents, download a copy of the cyber incident response plan template for Victorian Government organisations:
Ask for help if you are unsure about how to respond to a cyber incident by contacting the Victorian Government Cyber Incident Response Service:
Reviewed 07 January 2020