"Poor controls" over government IT and cybersecurity
You can purchase access to this special report or subscribe to Business News.
Subscribe to Business News.
The security of more than 30 government entity IT systems remains at "considerable risk" despite warnings last year, according to WA's auditor-general.
Caroline Spencer found almost half of the cybersecurity weaknesses identified in her agency's previous report on information systems had not been addressed.
"These findings continue to represent a considerable risk to the confidentiality, integrity and availability of entities’ information systems," her report concluded.
"This is an area that without constant effort, entities will go backwards in their security environment, exposing their systems, their operations and citizen data to harm."
WA Police, the Department of Premier and Cabinet and the Department of Justice were among 36 entities issued with "findings and capability assessments".
"This year’s audits show many entities are still not addressing audit findings quickly, with nearly half of all findings previously reported remaining unresolved by the following year's audit," Ms Spencer wrote.
"It is also disappointing that many entities continue to have poor controls over information security.
"Only 50 per cent of entities met our benchmark in this area, with no noticeable improvement from the previous year."
The assessments focus on information security, business continuity, the management of risks and IT operations amid the increased threat of cybersecurity attacks.
"We reported 526 findings to 54 state government entities," the report said.
"Findings in the information security area accounted for 47 per cent of the findings.
"Most identified weaknesses are rated as moderate because they are of sufficient concern to warrant action being taken by the entity as soon as possible.
"However, combinations of moderate findings can expose entities to more serious risks."
Ms Spencer said while there were improvements in business continuity planning, many entities remain unprepared.
"This could lead to extended outages and disruption to the delivery of important services to the public," she said.