Former national cyber security adviser Alastair MacGibbon and former Optus Business managing director John Paitaridis joined forces to create the country’s largest pure cyber security company, with 400 staff and backing from private equity firm BGH Capital.
Led by Mr Paitaridis, CyberCX brings together 12 niche cyber security players to form one large company.
The investment by buyout fund BGH, which acquired Navitas earlier this year, is said to be the “largest private security investment in cyber security in the country”, but the amount was undisclosed.
Speaking to The Australian Financial Review, Mr Paitaridis said CyberCX was created with the belief that businesses and government agencies were still not adequately equipped to protect and defend their critical assets.
“I have a long history and career in managing infrastructure, networks and building services businesses … and as I’ve been participating in the cyber security and tech industries, it became apparent that the sector in Australia was highly fragmented,” he said.
“My view here is to bring together the best cyber security talent and the strongest skill sets. The people who are the most mission-focused on cyber security … are the independent players and there has been no single large leading independent player in the Australian market and Australia needs that.
“It’s a bold vision, but one where we believe we’re creating a business that is going to be nationally important.”
Historically the market has been dominated by offshore multinationals, the major consulting firms or telecommunications companies such as Optus that also have cyber security divisions, despite a wide array of smaller local companies being created.
The funding from BGH supported the acquisition of Alcorn, Assurance, Asterisk, CQR, Diamond, Enosys, Klein&Co, Phriendly Phishing, Sense of Security, Shearwater, TSS and YellIT. It also gave additional funds for the growth of CyberCX and future acquisitions that are already in the pipeline.
The company will provide a full range of cyber security services from consulting and advisory, risk and compliance, security assurance, integration and software engineering, incident response and digital forensics, training and education and managed security services.
It will have 25 offices throughout Australia and revenue of more than $100 million, from hundreds of clients such as the Department of Defence and Department of Foreign Affairs and Trade, Jemena, the big four banks and Curtin University.
Mr MacGibbon, who resigned from his public sector roles in May, will serve as chief strategy officer of CyberCX.
He said the new company was an opportunity to meet the cyber security needs of Australian businesses and public sector departments in a way he could not do in government.
“To me, the big question has always been about cyber security at scale and doing it in a way that’s repeatable,” he said.
“The company brings together risk people with tech experts and service implementation people.
“We can deliver in a way that, quite frankly when we were in government, we just couldn’t do.”
Prior to being the government’s cyber tsar Mr MacGibbon had worked in a variety of private sector roles including as the general manager of security at Dimension Data and as managing partner of cyber security consultancy Surete Group.
He said CyberCX was an extension of his long-held aspirations from his private sector career.
“CyberCX has the opportunity to unlock the major potential of these companies that have been geographically locked or extremely deep in their expertise,” he said.
All the leaders of the 12 cyber security firms being acquired are staying on with CyberCX and will own shares in the new firm.
A 2018 report from AustCyber into the competitiveness of the sector found that the industry was “fragmented and underdeveloped, especially in software”, making it tough for the country to harness its economic potential.
It also stated that procurement processes favoured larger, established companies, in part because smaller cyber security operators lacked the resources to deliver large-scale projects.
Mr Paitaridis, who is also the chair of the Australian Information Industry Association, said the firms being merged were usually strong in a particular state or niche, but bringing them together would create a scalable company that still had the trust of these established smaller player.
He expected the business to have a compound annual growth rate of 10-15 per cent.
Did You See This CB Softwares?
37 SOFTWARE TOOLS... FOR $27!?Join Affiliate Bots Right Away
“My goal is to be the employer of choice for cyber security professionals … and then to be customer-obsessed,” he said.
“If you can corner the talent, you corner the market. This has been the core principle of every business I’ve grown and that’s the bedrock of the company.”
Mr MacGibbon believed that a venture like CyberCX would not have been possible even three years ago, as the sector had to hit a certain level of maturity for a firm like it to be created.
“It all goes back to April 2016 when Malcolm Turnbull launched the national cyber security strategy. It was audacious and real money was being put into stimulating the cyber security economy,” he said.
“Now you have real private sector money being invested into those same businesses, with a maturation of the discussion that’s been led by the federal government.”
Unable to follow, try again