A decision by the former New South Wales Coalition government’s not to fund the state’s cybersecurity agency beyond next financial year, despite the growing importance of response and recovery, is contributing to financial pressures ahead of the Budget.
Newly minted Treasurer Daniel Mookhey identified a $70 million shortfall in funding for Cyber Security NSW and its whole-of-government programs as an area the Minns government will be forced to address in its first Budget in September.
“We have been left with around $7bn of difficult to avoid pressures over the next four years, including in an unfunded nursing workforce program, Out of Home Care and in the office of cybersecurity,” Mr Mookhey said.
In identifying Budget pressures, as well as laying the seed for potential changes and cuts, the government has delayed the release of the Budget by three months – a decision also taken by the former government when it entered office in 2011.
The Treasurer said “unfunded programs”, like Cyber Security NSW, were in addition to other macro-economic challenges and “historic debt”, meaning “tough choices” would likely need to be taken in the months ahead.
“These challenges can’t be fixed overnight, it will take time and there will be tough choices. But I’m confident we have the right rescue team in place to ensure we can focus on rebuilding our essential services and investing in the people who look after us,” Mr Mookhey said.
Cyber Security NSW was established in 2018 and was significantly expanded from 2020 following a $60 million injection through the state’s Digital Restart Fund, which contains a $315 million carve-out for cybersecurity over three years.
The funding was used to create many as 75 new positions, allowing the agency to extend support to small agencies and councils and establish a small in-house cybersecurity vulnerability management centre.
According to NSW Treasury analysis, funding for Cyber Security NSW will cease from 2024-25 financial year, with the continuation of services over four years estimated to cost $70 million.
“Extension would enable continued delivery of services in enhancing NSW customer resilience to cyber threats and support delivery of government cyber security services,” the analysis states.
In an audit earlier this year, Cyber Security NSW was found to have “no plan” to realise its maturity uplift target – a key element of the business case behind its 2020 expansion – and could not “demonstrate its progress towards improving cyber resilience”.
The agency was also shown to be struggling to impact the local government sector because it has “no authority’ and no formal plan to engage councils, with guidelines developed in response to an earlier audit delayed more than a year.
In response to the audit, NSW Labor committed to review the agency’s operations to ensure the government is adapting to emerging threats and that cyber security knowledge is being prioritised at the highest levels of decision-making.
Finance minister Courtney Houssos, who will lead a “comprehensive” review of expenditure ahead of the September Budget, on Monday said the extent of the unfunded programs had come to light in recent weeks.
“There’s… a range of programs across government that are unfunded beyond a short timeframe, some of which have been publicly outlined in recent weeks,” she said.
“These include shortfalls in funding for Cyber Security NSW and a 1112-strong nursing workforce which will run out of funding within months, as well as a funding shortfall in Out of Home Care.
“The Treasurer and I will work through those over the coming weeks and months, but we’re being upfront and honest with the people of NSW about the pressures we are inheriting.
“We have a lot of work ahead of us, but we’re ready for the challenge.”
Do you know more? Contact James Riley via Email.