SGS Economics & Planning Strengthens Cybersecurity with Essential Eight Implementation

SGS Economics & Planning is a multidisciplinary, employee-owned B Corp consultancy with over 60 staff across Australia and New Zealand. The firm supports government agencies, councils, infrastructure bodies and industry groups with economic modelling, planning advice, and spatial and data analytics.

With a significant portion of its client base in the public sector, SGS must demonstrate strong cybersecurity maturity, particularly alignment with the Australian Cyber Security Centre’s Essential Eight framework.

To meet increasing procurement expectations and strengthen internal governance, SGS engaged First Focus to conduct a full Essential Eight uplift and ongoing security maturity programme.

The Challenge

By 2024, SGS Economics & Planning had invested in managed security services through First Focus, including endpoint protection and anti-phishing measures. However, their environment wasn’t yet aligned to a formal cybersecurity framework, and government clients were beginning to require proof of Essential Eight maturity.
Key drivers included:

• Government procurement requirements tied to Essential Eight maturity
• Internal governance expectations when handling sensitive planning and economic data
• A need for structured risk management and visibility

The Approach: Essential Eight Assessment & Implementation

1. Comprehensive Essential Eight assessment

In November 2024, First Focus delivered an in-depth assessment using ACSC methodology, evaluating SGS Economics & Planning against 152 control points. This included:

• Gap analysis
• Remediation roadmap
• Budget and prioritisation planning

2. Implementation to achieve maturity level one

SGS Economics & Planning selected First Focus to implement all recommended changes and reach Essential Eight maturity level one by September 2025.

Work delivered included:

• Application whitelisting deployment
• Creation of a cybersecurity risk register
• Improved vulnerability patching process
• Hardening of commonly exploited applications
• Business resilience planning
• Collaborative rollout with SGS teams

Results & Impact

SGS Economics & Planning achieved:

• Essential Eight maturity level one
• Improved visibility, risk management and governance
• Reduced exposure to common cyber threats
• A strong foundation for future Essential Eight maturity progression

Why It Matters

For mid-sized organisations working with government, Essential Eight uplift is increasingly necessary for compliance, tendering and governance. This project demonstrates how First Focus delivers practical, sustainable uplift that supports both security and business outcomes.