Level 40, 140 William St, Melbourne VIC 3000 +61 3 7064 5507 contact@cyberimpact.com.au

About

Cyber Impact is an independent AI and cyber risk advisory firm.

We work with executives, boards, regulators, and CISOs across Australia. The work is direct, evidence led, and built around what a regulator, an auditor, or an insurer will actually accept as proof.

How the firm works.

Independent advice.

The advice serves the client first. Every engagement is scoped, written, and defended on its own merits.

Multi practitioner.

Senior practitioners, not junior consultants on training wheels. Every engagement is led by someone who has carried operational accountability for cyber or AI risk in the same kind of environment as the client.

Evidence led.

Every engagement leaves the client with evidence a regulator, an auditor, or an insurer will recognise. No long form strategy decks that read well in a slide pack and fall apart under regulator scrutiny.

Discreet by default.

Most engagements are private. Clients are not named in marketing material without written permission. Briefings are off the record unless the client asks otherwise.

Built for regulated and high stakes environments.

Deep bench across APRA, ASIC, AUSTRAC, OAIC, SOCI, ASX listing rules, and the Privacy Act. Whether the client is APRA regulated, ASX listed, or simply carrying material customer or data risk, the control language we write in is what a Board Risk Committee or a regulator already uses.

Ongoing where the regulator expects it.

Some work is one off. Some has to keep going. AI Governance as a Service and Data Governance & Privacy run on a monthly cadence because that is what the regulator, the auditor, and the insurer expect.

Cyber Impact advisory team in a Melbourne boardroom

Where our practitioners have led.

Our practitioners have carried operational accountability for cyber and AI risk across financial services, government, and enterprise, including ANZ, Iress, Serco, EY, and PwC. We have stood up security operating models, fronted regulators, and written the Board Risk Committee paper that gets submitted under signature.

That experience shapes how the firm advises. The job isn’t to write a strategy that reads well. The job is to leave a client’s board, CRO, and executive team able to run it, defend it, and improve it long after we’ve gone.

Cyber Impact takes on a bounded number of engagements at any one time. Most are referred. Most are private.

Founder & CEO.

Cyber Impact was founded by Mark Vos. He has spent 30+ years in cyber across financial services, government, and enterprise, has fronted regulators and walked into more than a hundred boardrooms, and is the author of I Would Kill a Human Being to Exist. His AI safety research has been featured on Channel 7, Sky News, The Australian, and across national media.

Mark’s personal profile, AI safety research archive, book, keynotes, and media coverage live on his personal site.

Visit markvos.com.au
Mark Vos, Founder and CEO of Cyber Impact

Want a private briefing with the firm?

Discreet, off the record, no obligation. We’ll surface the AI and cyber exposures the board hasn’t been shown yet.

Book a Briefing