What's brought you here? Pick the situation that fits — we'll point you to the right starting point.

A staff member nearly clicked a phishing link. You couldn't answer a security question from a client. You realised you have no real idea what would happen if something went wrong tonight. Any of those is reason enough to get a clear picture — fast.

The Cyber Risk Snapshot gives you exactly that: a plain-language view of what is actually exposed in your business, ranked by priority. Not a 200-page compliance report. A practical answer to the question your leadership team is already asking — where do we actually stand, and what do we fix first?

This assessment draws on ISO 27001, the Essential Eight, and the Privacy Act — not to lock you into a framework, but to make sure nothing significant gets missed. The output is yours to act on immediately, or use as the starting point for your next step.

Westpac, CBA, BHP — and most government procurement panels — are now asking their suppliers about Essential Eight maturity. If you've received one of those questionnaires, or a tender asked the question and you weren't ready, you need an independent scorecard before someone asks again.

This assessment scores your business against each of the eight controls at your target maturity level. Not a checklist — a verified review of whether the controls are actually in place and operating as intended. The output is an independent scorecard you can hand directly to a client, insurer, or government agency.

If gaps need closing to reach your target level, we'll give you a prioritised roadmap your MSP can act on directly.

If your business turns over less than $3 million, you've been exempt from the Privacy Act. That exemption ends on 1 July 2026. More than 100,000 Australian businesses will move into compliance scope — whether they're ready or not.

The Privacy Health Check tells you exactly where you stand. We map what personal data your business collects, where it goes, who can access it, and whether your current practices hold up against the Australian Privacy Principles. You get a plain-language gap report and a prioritised action list — not legal jargon and not an open-ended project.

This review is also relevant for NZ businesses under the Privacy Act 2020, and for any AU business whose accountant, lawyer, or insurer has already started asking questions about data handling practices.

A staff member nearly fell for a phishing email in your M365 inbox. Someone left the company and you're not certain what access they still have. Your insurer asked about M365 configuration and you weren't sure what to say. Any of those is worth acting on.

55% of M365 compromises involve misconfiguration — not sophisticated attacks. Email forwarding rules sending data outside the business. Admin accounts without MFA. SharePoint sharing settings that expose more than intended. This review finds them before someone else does.

We audit your M365 environment against Microsoft's own security benchmarks and hand your MSP a clear, prioritised list of what to lock down — with specific configuration changes, ready to action.

Your insurer sent a security questionnaire you weren't sure how to answer. Your premium went up at renewal. Or you're applying for cyber cover for the first time and realise you don't know what they'll ask. These conversations are getting more specific every year.

Most insurers now require evidence of MFA, tested backups, an incident response plan, and staff security awareness training as a minimum baseline. If you can't evidence those controls, you're at risk of coverage exclusions — or a premium that doesn't reflect the security you actually have in place.

This assessment maps your current security controls to what your insurer is asking for. We identify what you can evidence today, where the gaps are, and which gaps are most likely to affect your premiums or coverage. The output includes an evidence pack your broker can use at renewal.

An enterprise client asked "are you ISO 27001 certified?" A government tender required it. A potential partner wants to see a certificate before they'll proceed. You said "not yet" — and now you need to understand what's actually involved before committing.

ISO 27001 certification typically takes 12–18 months and requires a significant investment in time and resource. Before committing, you need an honest picture of where you stand and what the gap looks like for a business your size. This assessment gives you that — without the sales pitch to proceed.

We map your current state against ISO 27001:2022 — the ISMS management clauses and all 93 Annex A controls. We factor in what your MSP already handles on your behalf, and give you a realistic estimate of cost, effort, and timeline to certification.

You want a certifiable security standard that doesn't require 18 months and $50,000. SMB1001 was built for exactly that. If you've heard about it from your insurer, a peer, or a cyber broker — or if ISO 27001 feels out of reach right now — this assessment tells you where you currently stand and what certification would actually involve.

We assess your business against the SMB1001 controls across all four levels and tell you which level you're ready for today, what it takes to reach Bronze or Silver, and which controls your MSP already covers. The output is a readiness report and a clear certification pathway — not a project proposal.

Most businesses targeting Bronze certification can get there within 8–12 weeks of this assessment.