A new report shows federal government cyber resilience is almost unchanged in the last three years.

The government’s latest protective security policy framework (PSPF) compliance report shows almost 40 percent of agencies have not yet implemented the Australian Signals Directorate’s supposedly mandatory cyber mitigation strategies.

The strategies are designed to help avoid at least 85 per cent of cyber intrusions, and are mandatory for non-corporate Commonwealth entities (NCCEs).

The report from the Attorney-General’s Department shows the number of agencies that meet the top four or ‘INFOSEC-4’ standards has climbed just three points between 2015-16 and 2017-18.

“Levels of compliance with INFOSEC-4, relating to cyber and ICT system security, including the ASD’s strategies to mitigate targeted cyber incidents, remain relatively steady, but continue to present an area of risk for the Australian Government with a level of compliance at 61.70 percent,” the report (available here in pdf) states.

A detailed breakdown is accessible here.