Close this search box.

Dear IT Companies, Stop Telling Clients They Are “Secure”


It’s become a dull and repetitive tune for our cybersecurity incident response team to endure on a daily basis Australian businesses ask how they got breached when their IT company assured them they were ‘secure’.

“With the global damage from cyber-crime predicted to exceed $6 trillion USD annually by 2021, it’s sad to see Australian businesses becoming the casualties of greedy corporations jumping on the ‘cybersecurity’ movement.”

The reality is quite simple, Managed Service Providers (MSPs), IT companies and IT consultants are not security experts. And whilst there is some overlap in setting up infrastructure in a ‘secure’ way, it’s simply not enough for companies in 2019 to rely on soundbites from those who are simply not qualified or familiar with the world of cyber-crime. Cybersecurity has never solely centred on technology, in fact recent statistics from OAIC Notifiable Data Breaches Quarterly Statistics Report show human error accounts for one-third of report breaches. [1]

In today’s age, criminals simply don’t want the combination to your vault of gold bars, they want your customer data and they want to manipulate your customers into sending money their way. And if they can’t do that – they’ll simply sell your customer data to the highest bidder. That’s the reality of the dark web and this threat is what has facilitated a lot of business managers to bring up the security as a concern with their technology companies who pounce at the opportunity.

Being a mechanic does not automatically qualify you for the Grand Prix, so why do companies continue to rely on assurances and security assessments by IT providers who are not even qualified to even issue them? Well, it’s because IT providers keep issuing assurances. Cybersecurity is an emerging industry, and many IT providers are riding the wave of inbound ‘security’ inquiries by offering ad hoc security assessments that are not aligned to industry standards.

IT providers have a duty of care to accurately represent their capabilities in a way that is honest and transparent. And it’s in their favour to do so, because when a client does suffer a data breach, the first phone call is usually to the IT company asking, ‘how could this have occurred?’.

It is sad to see Australian businesses become the casualties of greedy corporations jumping on the ‘cybersecurity’ movement, because at the end of the day it is cyber criminals that continue to benefit. In 2018, Australian’s lost over $107 million from scams and cyber-crime[2] with the global damage from cyber-crime predicted to exceed $6 trillion USD annually by 2021.[3] If Australian businesses continue to struggle making cybersecurity a priority, the statistics will soon stop being just numbers and become a nail on the coffin of boards, employees and the economy.




Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →