E-mail filtering in all agencies was found to be inadequate. Only one government agency had sound disaster recovery plans in place. Two agencies were found to depend on the knowledge of key staff and few agencies had documented procedures, some documents were left in draft form and some plans had not been regularly reviewed.

The report also recommended the Department of Industry, Tourism and Resources (DITR) document the coverage of Internet services within business continuity and disaster recovery plans in 2006-07, introduce requirements for documenting benefits versus risk before purchasing new technologies and review e-mail blocking tools with a view to "improving the blocking of malicious e-mails."