Two Tasmanian local councils strengthen cyber resilience through partnership with Excite Cyber

“You can buy technology, but without people, it won’t work. Excite Cyber helped us embed security as part of our culture. That’s something we couldn’t have achieved alone without their training and guidance.”

Exposure Management | Governance & Risk | Government & Policy | Security Operations

Posted: Tuesday, Oct 28

KBI.Media
$
Two Tasmanian local councils strengthen cyber resilience through partnership with Excite Cyber

Two Tasmanian local councils strengthen cyber resilience through partnership with Excite Cyber

Waratah-Wynyard Council and Circular Head Council in Tasmania work in close partnership to deliver vital services and efficiencies to their communities. Together, they manage sensitive information, critical infrastructure, and systems that underpin service delivery to the communities they serve.

As the threat landscape for local government continues to evolve, the Councils recognised the need to modernise their cybersecurity and information governance approach. With limited internal resources and the increasing expectations of both government and the community, they commenced partnering with Excite Cyber (ASX: EXT) in 2023 to strengthen their resilience, compliance, and bolster their internal security culture.

The problem: escalating cyber-crime in Australia

Like many local governments around Australia, the Councils faced increasing need to protect against cyber threats, ensure compliance with evolving regulations, and safeguard public trust.

“Local government is a high-value target for cyber criminals, but we don’t have the same level of resources as large corporations,” explains Sallie Moore-Wood, Director of Governance and Information Systems at Waratah-Wynyard Council and Circular Head Council.

“We needed a partner who could help us lift our maturity quickly, practically, and in a way that would bring our people along on the journey providing training and uplift,” she explains.

Previous audits had flagged opportunities to strengthen governance and compliance and the Councils wanted to proactively reduce risk. A cyber incident at a nearby local council, highlighted how vulnerable local governments are in the current climate. The Councils had never suffered an incident but wanted to proactively seek an external partner that could provide expertise to boost confidence and reduce risk. 

The solution: provider with local team, Tasmanian and mainland SOC

The Councils selected Excite Cyber through a government-approved panel process. A key factor in choosing Excite Cyber was their dual Operations Centre (SOC) setup. 

‘Having a Tasmanian-based SOC and local expertise on the ground in Tasmania was important for us. But knowing that Excite Cyber also operates a mainland SOC and wider team, provided us with an extra layer of security protection. We knew we could rely on Excite Cyber if something happened, which was really comforting for our small Councils,” Sallie explains.

“It wasn’t about picking the biggest player. We wanted someone who understood our technology environment and could work alongside us. Excite Cyber offered the right mix of technical depth and people skills. We knew we could pick up the phone and get answers quickly. They never make us feel like we’re a small fish in a big pond. We always receive priority service,” she says.

The process began in early 2024 with a phased rollout, including:

Implementation of a stronger information governance framework.
Cybersecurity awareness and cultural uplift programs for staff.
Advanced monitoring and protection tools to reduce risk exposure.
Structured reporting and dashboards to give leadership greater visibility.

The benefits: reduced risk, 24/7 threat monitoring, enhanced security culture

The results of the partnership with Excite Cyber have been significant, both in reducing risk and in fostering a proactive cybersecurity culture across the Councils. “Before Excite Cyber, cybersecurity was seen as an IT problem. Now, it’s part of everyone’s role,” Sallie says.

A major cultural shift has been the way staff now approach cybersecurity. Employees are more aware of threats, particularly phishing emails, and feel safe to report potential issues without fear of blame. This openness has strengthened internal security practices and vigilance, leading to measurable improvements in threat detection. Staff now routinely flag suspicious emails, protecting sensitive data before it becomes a problem.

“Staff are proactive about reporting phishing emails and flagging other issues for investigation. We even get people saying, ‘I clicked on this, I probably shouldn’t have,’” Sallie explains. “Even our CEOs openly admit if they’ve made a mistake, which sets the tone from the top down and reinforces our no-blame culture,” she explains.

Sallie sums it up: “You can buy technology, but without people, it won’t work. Excite Cyber helped us embed security as part of our culture. That’s something we couldn’t have achieved alone without their training and guidance.”

Excite Cyber has also helped guide the Councils through the transition from the Essential Eight to the new Tasmanian Protective Security Policy Framework, ensuring they remain at the forefront of cybersecurity standards. This guidance has built confidence across multiple levels of the Councils, from elected members to the wider community, while strengthening internal practices and audit readiness.

The Councils are now able to demonstrate strong, proactive 24/7 threat detection monitoring, ensuring they alerted in real-time by Excite Cyber if something is happening across their network. With Excite Cyber’s support, the Councils have strengthened both their technical defences and the confidence of those they serve.

The future: adopting new frameworks and standards and leveraging AI

Looking ahead, the Councils are continuing to strengthen their cybersecurity foundation with Excite Cyber’s guidance signing a contract that spans the next two years. A key future focus is internal documentation, ensuring all processes and actions are clearly recorded to support compliance and audits. This structured approach reinforces accountability and transparency across the organisation.

The Councils also maintain proactive threat detection monitoring through Excite Cyber’s SOC. This ensures threats are detected and addressed before they become issues. Alongside this, ongoing staff training and awareness programs keep cybersecurity top of mind, reinforcing the no-blame reporting culture that has been so successful.

Excite Cyber continues to support the Councils in adopting new frameworks and standards, including staying ahead with the Tasmanian Protective Security Policy Framework and preparing for future updates. Regular internal audits and checks provide assurance that risks are managed effectively, and that both elected members and the community can have confidence in the Councils’ security posture.

The Councils are also exploring innovative tools, including AI-assisted monitoring, to further enhance threat detection, while continuing to invest in the security of IT infrastructure and connected applications. Together, these initiatives ensure that Waratah-Wynyard and Circular Head Councils are not just responding to cybersecurity risks, they are staying ahead of them.