Foreign Investments Group – Cybersecurity Review

Our client asked for a review their systems, processes, and data maturity to provide a roadmap for activities to strengthen their defensive posture.


Given the sensitive nature of their work and the varied technology maturities of their partner companies, the board were concerned with their cybersecurity posture.
They approached 9X5 Consulting to independently review their systems, processes, and data maturity to provide a roadmap for activities to strengthen their defensive posture.


9X5 Consulting brought in a senior cybersecurity consultant to help with the analysis and provide a tailored cybersecurity roadmap. 9X5’s cybersecurity framework is based on the NIST Cybersecurity Framework and is broken down into five key areas: Identify, Protect, Detect, Respond, and Recover, supported by a governance layer. Given much of the organisation’s intellectual property was not documented, our consultant required a great deal of time interviewing staff from the client so the work was conducted on-site to minimise delays.
For each of these 6 phases, our consultant conducted an ‘As-Is’ assessment, which was then documented into a Current Profile. Based on best practices, we then created a Target Profile for an investment organisation. The gaps between these two profile documents determined the actions required in the roadmap, which were then prioritised based on legislative requirements (such as privacy legislation), cost and time to implement.

One example of an identified issue and roadmap recommendation was within the Governance Layer, it was identified that whilst the company had a risk policy and registered, this was not reviewed annually and did not include cybersecurity risks. As a high-impact, low-cost improvement, this was recommended as one of the first improvements on the company’s roadmap.
The current and target profile documents, along with the Cybersecurity Roadmap were delivered to Ampeliam Foreign Investments in 20 business days.


With their cybersecurity roadmap in place, this client is now on the way to strengthening their technology, work processes and cyber maturity to ensure that they can interface with potential partners with confidence.

Future aspirations now include ISO certifications to streamline the process of partnerships with other organisations.

Client Overview

Established in 2018, this Melbourne- based venture capital investment firm is part of a broader family office group of companies, focusing on science, technology, and manufacturing startups. The firm frequently engages with overseas companies, necessitating non-disclosure agreements and stringent measures concerning data privacy and security.