Report or respond to a cyber incident

Slot game What to do and who to contact when you need help with a cyber security incident if you are a government department or agency.

If you or your businesses have been impacted by a cyber incident you should contact the 

Cyber incidents can affect any organisation at any time.

Slot gameThe most important thing is to act quickly. The sooner you respond, the better you can contain the problem and prevent harm.

The most common cyber incidents affecting Victorian Government organisations are:

  • phishing - spam emails that try to trick you
  • malware incidents (including ransomware) - virus software installed on your computer
  • denial of service attacks - where hackers block users from accessing a service they usually have access to
  • data breaches - caused by malicious cyber-attacks or human error

Report a cyber incident

Slot gameVictorian Government organisations must report cyber incidents to the Victorian Government Cyber Incident Response Service.

The service operates 24/7, 365 days a year and provides Victorian Government organisations with expert incident response support.

Examples of cyber incidents that must be reported

All cyber security incidents that disrupt government systems or services must be reported even if the impact is minimal. This includes:

  • an unexplained outage (e.g. system become unavailable or not working as expected)
  • a compromise to government information (e.g. data or privacy breach)
  • cyber incidents affecting critical infrastructure and essential services providers

The Cyber Incident Response Service was established under the Victorian Government Cyber Security Strategy 2016-20. It's funded by the Department of Premier and Cabinet.

Respond to a cyber incident

If you work in government and you believe you have experienced a cyber incident, contact your IT team (or your IT Security team, if you have one) - they will be able to help you respond to the incident.

If you are a private industry organisation, you can request assistance from the Australian Cyber Security Centre on 1300 CYBER1 (24/7).

Cyber incident response steps

  1. Investigate whether a problem has occurred. Talk with staff and review logs to determine whether a compromise has occurred.
  2. Fix the problem. Remove any viruses from your networks, or close identified gaps in your network. For example, remove an infected device from a network; take systems or databases offline while you investigate the incident.
  3. Double-check the problem is gone. Scan your networks to confirm that no viruses remain, or that gaps have been properly closed before restoring systems/services to operation.
  4. Review your response. What worked well and what didn't during the response process? Note the lessons learnt and update your incident response plan.

Cyber incident response plan

Slot gameFor more information about responding to cyber incidents, download a copy of the cyber incident response plan template for Victorian Government organisations:

Slot gameReviewed 29 July 2020

Contact the Cyber Security Unit

Department of Premier and Cabinet

Was this page helpful?