Case Study

Sports & entertainment group builds enterprise-grade cyber resilience with a trusted long-term partner

How CyberPulse partnered with a leading NRL club and multi-venue hospitality group to deliver a full-spectrum security uplift , from initial assessment through to managed detection, GRC and ongoing strategic advisory.

project snapshot

INDUSTRY

Sport & Hospitality

 

 

 

ORGANIZATION SIZE

~250 staff

 

 

LOCATION

Sydney, NSW

 

ENGAGEMENT

Ongoing

 

FRAMEWORKS

Essential Eight, ISO 27001

 

 

 

The Challenge

A growing organisation seeking a capable, trusted security partner

Easts Group, the entity behind the Sydney Roosters NRL club and a portfolio of hospitality venues across Sydney’s eastern suburbs, Penrith, and Illawarra, recognised that as the organisation scaled, so too did the importance of having a mature, well-governed approach to cybersecurity. With member data, payment infrastructure, ticketing platforms, and multi-venue operations all in scope, leadership wanted an independent, expert view of their security posture and a clear path forward.

Rather than waiting for an incident to drive action, Easts Group took a proactive approach , engaging CyberPulse as a trusted partner to baseline their current position, validate existing controls and design a practical roadmap to lift their security maturity over time.

Key priorities for the engagement included:

 

  • Establishing an independent, evidence-based cybersecurity maturity baseline. Assessment criteria were drawn from leading frameworks, including ISO 27001, ASD Essential Eight, and NIST CSF. Real-world incident response experience was incorporated to ensure findings reflected operational realities, culminating in a board-ready maturity scorecard and visual dashboard to drive informed investment decisions and executive-level security reporting.
  • Gaining confidence in the robustness of their technical controls across a diverse, multi-venue operating environment
  • Putting in place the right managed capabilities, detection, response, and email security, so that the internal team could focus on the business, backed by expert support
  • Building a structured, prioritised roadmap that would guide security investment over the medium term without disrupting operations

The Solution

A phased uplift from assessment to continuous managed security

CyberPulse designed and delivered a structured engagement that moved Easts Group from baseline assessment through technical uplift to a fully supported, continuously monitored security programme , underpinned by a multi-year cyber roadmap.

Phase 1: Cybersecurity Maturity Assessment & Penetration Test

CyberPulse conducted a comprehensive maturity assessment against Essential Eight and ISO 27001 controls, establishing a clear baseline across people, process and technology. Concurrent external and internal penetration testing validated control effectiveness and identified areas for strengthening, providing the executive team with an evidence-based risk picture and a prioritised remediation plan

Phase 2: MDR, Email Security & Vulnerability Management

Building on assessment findings, CyberPulse implemented a Managed Detection and Response (MDR) service to provide 24/7 threat monitoring and incident response across all venues and business units. Email security was enhanced with advanced anti-phishing, impersonation protection, and sandboxing controls. A structured vulnerability management programme was established, delivering regular scanning, prioritised remediation workflows, and executive-ready reporting.

Phase 3: GRC Platform, Risk Advisory & Cyber Roadmap

CyberPulse onboarded Easts Group onto a GRC platform to centralise control tracking, evidence management, and compliance reporting. Enterprise and cyber risk advisory services were embedded to support board-level governance. A multi-year cyber roadmap was delivered, giving the organisation a clear, prioritised view of capability targets, investment decisions, and maturity milestones aligned to their risk appetite. A full suite of risk management policy and framework materials were also delivered to strengthen the Group’s internal risk management capability.

The Results

From proactive intent to measurable, sustained capability

Full cybersecurity maturity baseline established with board-ready risk reporting, enabling confident governance and investment decisions

24/7 MDR coverage deployed across all venues, providing continuous threat detection and expert-led incident response

Email security posture materially strengthened with advanced filtering and impersonation protection across the organisation

Structured vulnerability management programme in place, replacing ad hoc patching with tracked, prioritised remediation cycles

&

Board-approved multi-year cyber roadmap aligning security investment with organisational risk appetite and growth plans

GRC platform centralising control management and compliance evidence, reducing manual overhead and improving audit-readiness

“CyberPulse gave us clarity we didn’t have before, not just on where we stood but a practical path forward. The roadmap they delivered has become the foundation of how we think about security investment.”

Jimmy O’Regan

Group IT Manager, Easts Group

Cybersecurity Maturity Assessment

I

Penetration Testing

Managed Detection & Response

Email Security Uplift

h

Vulnerability Management

GRC Platform

Enterprise Risk Advisory

i

Cyber Risk Advisory

vCISO / Ongoing Advisory

Cyber Roadmap

Facing a similar challenge?

We can help you build clarity, capability, and confidence.