The government is now operating in accordance with the Guidance on Caretaker Conventions pending the outcome of the 2025 federal election.

Skip navigation
Use space to open navigation items
Listen
Corporate publications

Cybersecurity Strategy 2028

Our Cybersecurity Strategy 2028 outlines how we protect our IT systems and customer information from cyberthreats.

Vision

Comcare’s systems and data are safeguarded against compromise, enabling us to effectively prevent work-related injuries and enhance return-to-work outcomes. We maintain a comprehensive understanding of Comcare’s security posture and implement necessary security controls grounded in sound governance.

Mission

We protect Comcare’s IT systems and customer information against increasing threats from a wide array of adversaries and have the resilience to operate through cyber incidents.

Key drivers

The factors that drive our approach are:

Internal

  • Our operating environment is changing.
  • We hold sensitive personal information, and its systems are key to delivering services to stakeholders.
  • We are embarking on a significant digital transformation across the organisation.

External

  • Emerging technology, including AI, is changing the threat landscape.
  • State actors have an enduring interest in obtaining sensitive information, intellectual property and personally identifiable information to gain strategic and tactical advantage.
  • The Australian Government is enhancing cybersecurity requirements to meet the changing threat environment.

Strategic priorities

Table 1 outlines our strategic priorities to protect against cyberthreats.

Table 1: Comcare's cyberthreat mitigation priorities
Governance foundations Cybersecurity governance and risk management facilitates risk-based decision making and assurance over cyber controls.
Enhanced protection Enhance protection against evolving threats by maturing the technical security controls in our systems.
Security architecture Robust security architecture ensures that security is embedded in our systems.
Cyber culture Support our people to be cyber aware and equip them with the skills and information they need to meet their cybersecurity responsibilities.
Cyber resilience Be prepared to respond and recover from incidents through integrated and aligned response, recovery and continuity capability.
Cyber compliance Align to Australian Government security requirements including the Protective Security Policy Framework (PSPF), Information Security Manual (ISM) and Essential Eight.
Page last reviewed: 17 April 2025

Comcare
GPO Box 9905, Canberra, ACT 2601
1300 366 979 | www.comcare.gov.au

Date printed 19 Apr 2025

https://www.comcare.gov.au/about/forms-pubs/docs/pubs/corporate-publications/cyber-security-strategy