Skip to content
Gated intelligence

Not every briefing is free reading.

Three long-form documents, each written for a specific seat at the table — the owner, the board, and the operator managing the first day of an incident. Unlock with a work email and your role.

A GMAN IT report cover rendered in gold foil on obsidian.
Dossier 01

The Australian SMB Cyber Risk Report 2026

A data-driven look at what is actually targeting Australian businesses under 500 staff — sector breakdowns, breach-cost analysis, and where the control gaps consistently sit.

PDF · 18 pagesBusiness owners, directors, and operations leaders
  • ACSC report trends and what the year-on-year rise means by sector
  • Average breach cost and business-closure rate for Australian SMBs
  • Which control gaps appear most often across our own assessment data
  • A benchmarking checklist to compare your own posture against the sector

76,000+

cybercrime reports to the ACSC in FY24-25

Sealed until you provide your details

One email, the file, nothing else. We don't sell lists — discretion is the work.

Dossier 02

The Board's Guide to Cyber Risk Oversight

Cyber risk has become a governance question, not just a technical one. A practical guide for directors on the questions to ask, the obligations that apply, and the escalation protocol a board should expect.

PDF · 14 pagesDirectors and board members
  • Director duties and cyber risk under Australian corporate and privacy law
  • APRA CPS 234 governance expectations for regulated entities
  • The questions a board should ask management before an incident, not after
  • A board-ready incident-escalation and reporting protocol

67%

of AU SMB owners rate cyber a top-3 concern

Sealed until you provide your details

One email, the file, nothing else. We don't sell lists — discretion is the work.

Dossier 03

Incident Response Playbook: The First 24 Hours After a Breach

The decisions that matter most happen in the first day. A practical, operational playbook covering containment, the Notifiable Data Breaches clock, and how to communicate without making things worse.

PDF · 22 pagesIT managers and operations leads
  • A first-hour containment checklist, in the order actions should happen
  • The Notifiable Data Breaches 30-day assessment clock, explained
  • Internal and external communication templates for staff, clients, and regulators
  • A structured post-incident review so the same gap does not reopen

30 days

the NDB assessment clock once a breach is suspected

Sealed until you provide your details

One email, the file, nothing else. We don't sell lists — discretion is the work.

Reading is research. The assessment is the answer.

The whitepapers above tell you what to look for. The Cyber Readiness Assessment tells you exactly where you stand — credited toward your first year if you go further with us.