Adoption, migration, optimisation, security and management services designed to deliver business agility.
Improve your security posture with tailored strategies and front-line defence services.
Scalable colocation and connectivity within a hyper secure environment.
Disaster recovery and serviced offices in secure, premium office facilities.
Tailored end-to-end solutions for your hardware ecosystem across the widest range of vendors.
Seamless management of your IT environment, underpinned by world-class cyber security, no matter where you are on your journey.
Securely and effectively operate, monitor and maintain your network.
Enjoy the comfort of a modern working space supported by world class technology, security and resilience.
Help your clients take control of their IT environment with Australia and New Zealand’s leading hardware maintenance provider.
Interactive Anywhere provides robust infrastructure solutions designed to support the seamless operation of digital environments. These solutions include scalable cloud services, reliable data storage, and efficient server management, ensuring optimal performance and uptime.
The network solutions from Interactive Anywhere encompass comprehensive design, implementation, and maintenance of secure and efficient networks. By optimising connectivity and bandwidth, these solutions facilitate seamless communication and data transfer, enhancing overall productivity and operational efficiency.
Interactive Anywhere offers dedicated end user support services that ensure users receive prompt assistance with technical issues. This includes help desk support, troubleshooting, and training, aimed at improving user experience and minimising downtime for businesses.
With a focus on safeguarding digital assets, Interactive Anywhere's cyber security solutions provide advanced protection against cyber threats. These solutions include threat detection, risk management, and compliance services, ensuring businesses can operate securely and with confidence.
Interactive offers financial institutions with secure operations, robust cyber security, seamless connectivity, end-user support, and cloud solutions, ensuring long-term resilience.
For manufacturing, precision and efficiency are paramount. Our solutions optimise operations, streamline processes, and ensure seamless connectivity to drive productivity and innovation.
In professional services, reliability and agility are crucial. Our solutions enhance efficiency, streamline workflows, and provide seamless connectivity, empowering firms to deliver exceptional client experiences and stay ahead in a dynamic market.
In aged care, precision and patient well-being are fundamental. Our solutions enhance operational efficiency, streamline workflows, and guarantee secure, seamless connectivity, empowering providers to deliver exceptional care and lead in an ever-evolving sector.
We're Australia's leading IT service provider and we keep technology human.
News & insights from our experts to help you drive performance and grow your business.
News & insights from our experts to help you drive performance and grow your business
News & insights from our experts to help you drive performance and grow your business
Customer Stories description
Cyber risk is just one of many risks for organisations to be across, and cyber security is just another hungry mouth to feed when it comes to budget time.
Cyber security appears to be expensive, breaches appear to be inevitable, and it is difficult to know whether the money spend in cyber would provide a good return on investment or, to what extent would reduce the fall-out of a significant cyber-attack.
Indicative potential financial losses can be estimated using the annual IBM/Ponemon Cost of a Data Breach Report, based on the number of records, industry, and country. The report also provides good data around cost mitigating and cost amplifying factors. However, there is an endless number of cyber security tools, services, and standards on the market, and it is difficult to decide what to pick for the best financial value and ROI.
The Essential Eight Maturity Model, ISO 27001 Annex A controls and NIST Cybersecurity Framework (CSF) all provide best practice guidance on cyber security processes, tools and people. However, the question remains on how to calculate their financial value vs their costs and ROI.
It's better to prevent a cyber-attack in the first place. The stronger the protective controls, the less likely a threat will eventuate on the most valuable tangible and intangible assets.
One way of being able to do this is below.
The first step is to estimate the financial value of the most important data in the organisation whilst also seeing this data as a type of intangible asset. The questions below will help determine these figures:
The above examples focus on financial losses. The following are examples on how to estimate value creation due to implementing “best practice” cyber security.
The next step is to describe 2-3 top-down cyber risks. Top-down risks are a useful way for the Board to be kept informed on a regular basis on cyber security without all the operational detail
As a cyber risk consultant, my preference is to describe top down risks in a way which is similar to the FAIR ™ model. The description includes the assets, threat, data, and the resulting potential primary and secondary impacts.
These components are then mapped against the associated NIST “protect, detect, respond and recover” controls.
The final step is to then estimate $ values against each of the components. The table below shows how this is done.
The most expensive cost is the loss due to the secondary impact, which can be estimated from the IBM Ponemon Cost of Data Breach report (average of USD 3.86 million in 2021). The cheapest costs are those relating to respond and recover controls.
There is a direct correlation between the effectiveness of detective controls and the ability to reduce both the likelihood and impact of primary and secondary impacts. Ineffective detective controls also correlate with the cost of respond and recovery controls, which could increase exponentially during a major cyber-attack.
The effectiveness of detective controls increases by performing red/blue team tests, firewall reviews and tuning the SIEM to respond to known attack techniques, such as those in the MITRE ATT&CK framework.
It’s better to prevent a cyber-attack in the first place. The stronger the protective controls, the less likely a threat will eventuate on the most valuable tangible and intangible assets.
NIST recommends all types of controls (identify, protect, detect, respond, and recover) to be equally mature in order to stand the best chance of preventing and responding to a cyber-attack. However, it is not possible to do everything at once, given the time, cost, and resource constraints.
In conclusion, the above table helps to identify which of the controls will be most suitable to help mitigate and manage the top cyber risks. The costs can then be calculated based on the current controls and additional mitigations and show how these controls will either protect the value of the data or minimise the fall-out of both primary and secondary impacts.
This is how it is possible to calculate both the financial value and ROI of cyber security.
The piece was written by cyber risk and compliance specialist Veronica Hall.