The warning was contained in a submission made to a NSW upper house premier and finance committee inquiry into cyber security.
The organisation said in a statement that as the NSW Government was the biggest employer in the country, it needed to be compelled to be more open about the state of cyber security.
"Without mandatory reporting requirements, we have no idea about the extent of NSW's cyber security problem," said Unions NSW secretary Mark Morey.
"We have a right to know if the government is up to the job of keeping our data safe and secure."
The statement pointed out that In April, Service NSW was hit by a phishing attack that had stolen more than 500,000 documents and left 186,000 people exposed, adding that Service NSW held information such as including drivers' licence details, registrations for guns, cars and births, as well as details about businesses and properties.
The organisation said it was calling for laws to make it compulsory for the government to disclose details fo serious data breaches to a designated agency.
"NSW needs designated cyber cops, who can protect our data and digital assets," said Morey. "The rest of the world is moving on this, and our government's inaction means we're at risk of being caught with our pants down.
"The government spent $3.8 billion on cyber security in 2017-18. We can't keep throwing cash at this problem and hoping it'll go away - we actually need to invest in sustainable, permanent cyber security jobs to get ahead."
Unions NSW, which represents about 600,000 workers, also called for the NSW Government to lead on assuring data rights to its employees, including legislating against the government selling the data of its employees.
"Data is the new oil. We need to make sure that the private details of NSW public sector workers don't end up treated like a commodity," said Morey.
"The data of NSW public sector workers should remain in NSW. COVID-19 showed us how exposed offshoring leaves us - it's time to bring NSW's cyber security in house and back home."