The indictment came from the government-controlled Joint Committee of Public Accounts and Audit.

Labor shadow cyber security minister Tim Watts said in a statement: "This failure is so bad that the committee found a new and unprecedented oversight regime is needed to ensure our vital government services and the data of Australian citizens they hold are appropriately protected at a time of dramatically increasing cyber threats.

"It comes after years of staggeringly high rates of non-compliance from the Commonwealth Government with its own cyber security framework."

Watts, along with JCPAA deputy chair Julian Hill, said a report on the government's own Cyber Security Posture in 2019 found that implementations of the ASD directives "remains at low levels across the Australian Government".

Watts and Hill pointed out that the auditor-general had shone a light on these ongoing failures, saying in his mid-term report that, “with cyber security being an area of government priority for many years, these findings are disappointing”.

"Despite this warning, the Morrison Government has failed to do the basics," the two Labor parliamentarians said.

"The prime minister has never missed a photo op on his many announcements when it comes to talking about the cyber security threats facing our nation. But he hasn’t been there for the follow-up to ensure cyber resiliency inside his government in the face of these increasing threats.

"At the same time, the government has introduced legislation that imposes significant obligations on private sector companies to significantly lift their cyber security practices and behaviours.

"It’s another case of do as I say, not as I do from the Morrison Government. Now that Parliament has done the prime minister’s job for him, he must immediately accept and act on this report’s recommendations."