Australian Investment Council Ltd.

07/09/2026 | Press release | Distributed by Public on 07/09/2026 00:54

Converge

ESG RISK

Converge is a mental health & wellbeing provider offering a range of Employee Assistance Program (EAP) services.

Converge flagged cyber-security as a material ESG risk because it handles and stores highly sensitive personal and health information from clients and employees. Strong data protection is essential to safeguard privacy, maintain trust and meet regulatory expectations.

WHAT CONVERGE DID TO REDUCE CYBER SECURITY THREATS

Converge developed a business case with support from Roc Partners to target ISO 27001:2022 Information Security Management Systems (ISMS) certification. This provides a robust framework to systematically manage, protect and continuously improve information security. This initiative was delivered over 12 months, led internally by Converge's executive and IT/security teams, with support from external ISO specialists and auditors.

Outcomes

Financial: ISO 27001 certification reduced cyber insurance premiums by 10-20%, lowered excess thresholds and improved coverage terms. This delivered recurring annual savings and reducing financial exposure in the event of a cyber incident.

Avoidance: Mature cyber controls are estimated to reduce incident impact by 20-40%. Assuming a material incident occurs once every five years with an average cost of $4 million, a 25% reduction in impact equates to $1 million in avoided loss per incident.

Opportunity: Strengthened Converge's competitive position in tenders and improved client retention.

Australian Investment Council Ltd. published this content on July 09, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on July 09, 2026 at 06:54 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]