Case Study
Sports & entertainment group builds enterprise-grade cyber resilience with a trusted long-term partner
How CyberPulse partnered with a leading NRL club and multi-venue hospitality group to deliver a full-spectrum security uplift , from initial assessment through to managed detection, GRC and ongoing strategic advisory.
project snapshot
INDUSTRY
Sport & Hospitality
ORGANIZATION SIZE
~250 staff
LOCATION
Sydney, NSW
ENGAGEMENT
Ongoing
FRAMEWORKS
Essential Eight, ISO 27001
The Challenge
A growing organisation seeking a capable, trusted security partner
Easts Group, the entity behind the Sydney Roosters NRL club and a portfolio of hospitality venues across Sydney’s eastern suburbs, Penrith, and Illawarra, recognised that as the organisation scaled, so too did the importance of having a mature, well-governed approach to cybersecurity. With member data, payment infrastructure, ticketing platforms, and multi-venue operations all in scope, leadership wanted an independent, expert view of their security posture and a clear path forward.
Rather than waiting for an incident to drive action, Easts Group took a proactive approach , engaging CyberPulse as a trusted partner to baseline their current position, validate existing controls and design a practical roadmap to lift their security maturity over time.
Key priorities for the engagement included:
- Establishing an independent, evidence-based cybersecurity maturity baseline. Assessment criteria were drawn from leading frameworks, including ISO 27001, ASD Essential Eight, and NIST CSF. Real-world incident response experience was incorporated to ensure findings reflected operational realities, culminating in a board-ready maturity scorecard and visual dashboard to drive informed investment decisions and executive-level security reporting.
- Gaining confidence in the robustness of their technical controls across a diverse, multi-venue operating environment
- Putting in place the right managed capabilities, detection, response, and email security, so that the internal team could focus on the business, backed by expert support
- Building a structured, prioritised roadmap that would guide security investment over the medium term without disrupting operations
The Solution
A phased uplift from assessment to continuous managed security
CyberPulse designed and delivered a structured engagement that moved Easts Group from baseline assessment through technical uplift to a fully supported, continuously monitored security programme , underpinned by a multi-year cyber roadmap.
Phase 1: Cybersecurity Maturity Assessment & Penetration Test
CyberPulse conducted a comprehensive maturity assessment against Essential Eight and ISO 27001 controls, establishing a clear baseline across people, process and technology. Concurrent external and internal penetration testing validated control effectiveness and identified areas for strengthening, providing the executive team with an evidence-based risk picture and a prioritised remediation plan
Phase 2: MDR, Email Security & Vulnerability Management
Building on assessment findings, CyberPulse implemented a Managed Detection and Response (MDR) service to provide 24/7 threat monitoring and incident response across all venues and business units. Email security was enhanced with advanced anti-phishing, impersonation protection, and sandboxing controls. A structured vulnerability management programme was established, delivering regular scanning, prioritised remediation workflows, and executive-ready reporting.
Phase 3: GRC Platform, Risk Advisory & Cyber Roadmap
CyberPulse onboarded Easts Group onto a GRC platform to centralise control tracking, evidence management, and compliance reporting. Enterprise and cyber risk advisory services were embedded to support board-level governance. A multi-year cyber roadmap was delivered, giving the organisation a clear, prioritised view of capability targets, investment decisions, and maturity milestones aligned to their risk appetite. A full suite of risk management policy and framework materials were also delivered to strengthen the Group’s internal risk management capability.
The Results
From proactive intent to measurable, sustained capability
Full cybersecurity maturity baseline established with board-ready risk reporting, enabling confident governance and investment decisions
24/7 MDR coverage deployed across all venues, providing continuous threat detection and expert-led incident response
Email security posture materially strengthened with advanced filtering and impersonation protection across the organisation
Structured vulnerability management programme in place, replacing ad hoc patching with tracked, prioritised remediation cycles
Board-approved multi-year cyber roadmap aligning security investment with organisational risk appetite and growth plans
GRC platform centralising control management and compliance evidence, reducing manual overhead and improving audit-readiness
“CyberPulse gave us clarity we didn’t have before, not just on where we stood but a practical path forward. The roadmap they delivered has become the foundation of how we think about security investment.”