More than a third of federal government agencies aren't taking steps needed to defend against cyber attacks, a new snapshot reveals.
The Commonwealth public service is behind in rolling out changes required to stop potentially serious and embarrassing breaches of their IT systems, the latest figures show.
Only 62 per cent of agencies had taken the steps needed to make their technology secure, including those set out by electronic security agency the Australian Signals Directorate.
The figure, from 2017-18, has barely lifted compared to results from previous years.
The Attorney-General's Department report on government performance in following security measures also shows a drop in agencies properly classifying and controlling information.
Agencies adopting controls of electronic and paper "information assets" matching their value and sensitivity fell more than 5 per cent.
"This change is attributed to some entities identifying gaps in their approaches following review of their policies and security measures regarding appropriate levels of protection for information assets," the report said.
The introduction of new technologies, such as tablets with voice and video conferencing capabilities, prompted agencies to review how they classified and controlled information.
Agencies reported they were mitigating the risks from their failure to meet the benchmark, the department said.
MORE PUBLIC SERVICE NEWS:
The findings were among disappointing figures in a report that also showed only 40 per cent of federal agencies met all government security requirements. This was up from 34 per cent the previous year, and the Attorney-General's Department reported the government's security was "broadly sound".
Federal agencies on average followed 92 per cent of the steps the department said was needed to prevent security breaches.
Cyber security experts said the lag in tightening IT protections inside government showed a need to lift literacy about threats.
Australian National University lecturer in national security Adam Henschke said more work was needed within government and the community to raise awareness about information security.
UNSW Canberra Cyber director Nigel Phair said while the federal public sector was advanced in protecting against cyber attacks, threats were becoming stealthier.
There was a risk of IT security breaches for the government until all agencies met the Attorney-General Department's cyber benchmarks, he said.