Dear IT Companies, Stop Telling Clients They Are “Secure”



It’s become a dull and repetitive tune for our cybersecurity incident response team to endure: on a daily basis, Australian businesses ask how they got breached when their IT company assured them they were ‘secure’.

“With the global damage from cyber-crime predicted to exceed $6 trillion USD annually by 2021, it’s sad to see Australian businesses becoming the casualties of greedy corporations jumping on the ‘cybersecurity’ movement.”

The reality is quite simple: Managed Service Providers (MSPs), IT companies and IT consultants are not security experts. And whilst there is some overlap in setting up infrastructure in a ‘secure’ way, it’s simply not enough for companies in 2019 to rely on soundbites from those who are simply not qualified or familiar with the world of cyber-crime. Cybersecurity has never solely centred on technology; in fact, recent statistics from the OAIC Notifiable Data Breaches Quarterly Statistics Report show human error accounts for one-third of reported breaches. [1]

In today’s age, criminals simply don’t want the combination to your vault of gold bars; they want your customer data and they want to manipulate your customers into sending money their way. And if they can’t do that – they’ll simply sell your customer data to the highest bidder. That’s the reality of the dark web, and this threat is what has prompted a lot of business managers to raise security as a concern with their technology companies, who pounce at the opportunity.

Being a mechanic does not automatically qualify you for the Grand Prix, so why do companies continue to rely on assurances and security assessments by IT providers who are not even qualified to issue them? Well, it’s because IT providers keep issuing assurances. Cybersecurity is an emerging industry, and many IT providers are riding the wave of inbound ‘security’ inquiries by offering ad hoc security assessments that are not aligned to industry standards.

IT providers have a duty of care to accurately represent their capabilities in a way that is honest and transparent. And it’s in their favour to do so, because when a client does suffer a data breach, the first phone call is usually to the IT company asking, ‘how could this have occurred?’.

It is sad to see Australian businesses become the casualties of greedy corporations jumping on the ‘cybersecurity’ movement, because at the end of the day it is cyber criminals that continue to benefit. In 2018, Australians lost over $107 million to scams and cyber-crime[2], with the global damage from cyber-crime predicted to exceed $6 trillion USD annually by 2021.[3] If Australian businesses continue to struggle to make cybersecurity a priority, the statistics will soon stop being just numbers and become a nail in the coffin of boards, employees and the economy.




Ahmed Khanji


Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

