07/09/2026 | Press release | Distributed by Public on 07/09/2026 00:54
|
ESG RISK Converge is a mental health & wellbeing provider offering a range of Employee Assistance Program (EAP) services. Converge flagged cyber-security as a material ESG risk because it handles and stores highly sensitive personal and health information from clients and employees. Strong data protection is essential to safeguard privacy, maintain trust and meet regulatory expectations. |
|
|
WHAT CONVERGE DID TO REDUCE CYBER SECURITY THREATS Converge developed a business case with support from Roc Partners to target ISO 27001:2022 Information Security Management Systems (ISMS) certification. This provides a robust framework to systematically manage, protect and continuously improve information security. This initiative was delivered over 12 months, led internally by Converge's executive and IT/security teams, with support from external ISO specialists and auditors. |
Outcomes
Financial: ISO 27001 certification reduced cyber insurance premiums by 10-20%, lowered excess thresholds and improved coverage terms. This delivered recurring annual savings and reducing financial exposure in the event of a cyber incident.
Avoidance: Mature cyber controls are estimated to reduce incident impact by 20-40%. Assuming a material incident occurs once every five years with an average cost of $4 million, a 25% reduction in impact equates to $1 million in avoided loss per incident.
Opportunity: Strengthened Converge's competitive position in tenders and improved client retention.