In brief

In brief

  • For public sector organisations, security threats are rapidly evolving and their impacts are increasingly widespread.
  • Employees play a critical role in maintaining security, driving the agenda, and ensuring compliance across the board.
  • A survey reveals that many Australian public sector workers don’t fully understand the role they play in keeping their agency safe.
  • Accenture reveals how agencies can mitigate threats and build resilience from the inside out – starting with a greater focus on people.

There’s no silver bullet when it comes to cyber security: No single technology, solution or device can mitigate all threats. But, working together, they strengthen defences and help protect data, citizens and government. One piece of the puzzle that’s so often overlooked, though, is people.

Our latest research shows that while public sector employees appreciate the importance of keeping citizens’ data secure, there’s a disconnect between the responsibility they place on their agency to do this and their own contribution.

95% of Australian employees are confident their agency’s cybersecurity measures are effective. Yet, only:


Are aware of what to do in a cyber emergency.


Adhere to prescribed privacy and security procedures.


Feel very involved in keeping citizen data secure.

Government agencies rely on passwords, training and technology to secure citizen data. And, of course, this is important. But the most sophisticated technology can be bypassed if people are not using it in the correct way or assuming others are taking responsibility for keeping data safe. Similarly, the impact of a cybersecurity threat can be greatly exacerbated when people are unsure of what to do in an emergency.

The welcome news is that 89% of Australian public servants want to be involved in keeping citizen data secure.

So, how can agencies act on this positive attitude and help employees stay responsible and vigilant?

1. Develop a safety culture across the workforce

  • Robust policies and procedures need to become embedded in how everyone operates, every day. And, as our research shows, educating people about this has some way to go.
  • Develop a human-centred security curriculum that’s tailored to specific roles.
  • Raise behavioural awareness by encouraging healthy scepticism and adding security drills to routine operations.
  • Create incentives and rewards for adopting the right behaviours – only 63% of Australian workers reported incentives for good practice.

2. Adapt to changing threats

  • As agencies incorporate new technologies to connect with citizens, they also need to consider how these changes make their agency more vulnerable.
  • Consider what data and assets might be of value to an adversary. These ‘crown jewels’ are not always the same as what an agency considers a priority to protect.

3. Engage the power of ‘Human+’ workers

  • The real power of technology comes from its integration with people in a seamless interface. Creating layers of resilience can often be better achieved by having machines and people working together.

4. Operate (and secure) beyond boundaries

  • Ensuring truly robust public services means building an ecosystem of partners with a focus on collaboration, learning and the development of trust. Only then can all organisations enhance their cyber resilience at speed and scale.

Read our Australian blog perspective here.

About the Authors

Chris McNally

Managing Director – Accenture Security – Health & Public Service Clients – ANZ

Joseph Failla

Managing Director – Security Lead, Australia & New Zealand

Brian Lee-Archer

Managing Director – Consulting, Health & Public Service, ANZ

Angelo Friggieri

Senior Manager – Accenture Security – ANZ


2019 cost of cybercrime study
Securing the future enterprise, today

Subscription Center
Stay in the know with our newsletter Stay in the know with our newsletter