Expansion plans approved for our Cyber Uplift Program

Local governments face an increasingly complex cyber threat environment, with increased expectations around prevention, preparedness and resilience. As part of our ongoing Cyber Uplift Program, we've introduced a set of targeted service enhancements designed to strengthen member cyber maturity in practical and measurable ways. ​

These expanded services reflect our continued commitment to excellence in cyber risk support, and—through a co-funded arrangement—help councils access high-value assurance and uplift activities in a way that is both scalable and cost-effective. 

What’s new in the Cyber Uplift Program? 

1. ASD Essential Eight Alignment  
To provide a more complete picture of member resilience, the ASD Essential Eight audit has now been expanded to incorporate three additional assessment areas 

  • Disaster Recovery Preparedness — assessing the member’s ability to restore systems and data following a cyber incident.

  • Business Continuity — assessing the members' capacity to maintain critical services during and after an incident.

  • Staff Awareness and Training — assessing baseline cyber hygiene awareness across the workforce.

This ensures our audit scope is directly aligned with local government’s cyber audit focus areas, helping members demonstrate improvement against documented findings. 
 
2. Tabletop Incident Management Exercise  
Our Tabletop Incident Management Exercise continues to be the most adopted service in the program, with strong member feedback and delivery already completed for the City of Swan, City of Cockburn, and regional councils. These scenario-based exercises test a council’s ability to respond to a cyber incident across both operational and executive levels, including:  

  • Incident readiness and cross-functional coordination across IT, executive leadership, communications, legal, operations and key vendors

  • Executive decision-making, including notification authorities, decision thresholds and community response considerations 

  • Validation of escalation paths, notification requirements and continuity arrangements.

To build capability over time, we have strengthened this service by introducing a more progressive approach and two additional assurance activities:  

  • Progressive exercise program — year-on-year scenario escalation from single-event exercises to compound scenarios and LEMC activation. 

  • Phishing Simulation — targeted testing of the human and credential attack surface using current-generation AI-assisted lures. 

  • Vulnerability Assessment and Penetration Testing (VAPT) — independent assessment of internet-facing systems to identify exploitable vulnerabilities and misconfigurations; findings directly inform tabletop scenario design.

3. Supplier / Vendor Cyber Risk Review 
Our Supplier / Vendor Cyber Risk Review provides structured assessments of high-risk vendors, examining areas such as:  

  • Remote access controls and authentication requirements

  • Logging, monitoring and audit trail obligations

  • Incident notification obligations and response timeframes

  • Subcontratcor and supply chain security requirements

  • Minimum security baseline requirements

This service has now been expanded to support councils across the full vendor lifecycle - from initial selection through to ongong contract management:

  • Vendor security assessment - practical guidance to evaluate vendor capability and cyber maturity
  • Ongoing assessment - support for periodic reassessment as threats, vendor configurations and council environments change

A key strength of the Cyber Uplift Program is the co-funded arrangement, which helps councils access high-impact services- such as audits, exercises and vendor reviews - while keeping delivery practical and achievable across a diverse local government landscape. By combining structured assurance with staged uplift pathways, the program helps councils not only identify gaps but also build repeatable capability over time.

For more information, or to arrange a scoping meeting please contact Liberty.Mudzamba@marsh.com or your account manager.