Lumenas

For Finance leaders

For finance leaders

Get clarity on the value of your IT spend

Most organisations spend $150K+ a year on managed IT services. Few have an independent view of what that investment actually covers.

The Lumenas end-to-end check gives you that picture in 30 minutes over 2 weeks, structured for board presentation.

$4.26M
average cost of an Australian data breach in 2024, up 27% since 2020

$50M
maximum Privacy Act penalty per serious contravention, or 30% of annual turnover

$5K
flat fee for the Lumenas end-to-end check, against $150K+ in annual MSP spend

2 weeks
from kickoff to your responsibility matrix, in 30 minutes of your time

Why an independent check

An independent audit of your IT environment, at a fraction of the cost

Most MSP contracts are scoped around technology delivery: infrastructure, helpdesk, connectivity. Governance, cybersecurity oversight, and compliance responsibilities often sit outside that scope. That’s not a failing on their part; it’s how the contracts are written.

The issue is that those unscoped responsibilities don’t disappear. They sit in a gap between what you assume is covered and what actually is. Regulators and auditors don’t distinguish between a gap that was overlooked and one that was managed.

A traditional cyber audit would find these gaps but costs $50K+, takes 6 to 8 weeks, and produces a technical report written for an IT team. The end-to-end check gives finance leaders the same picture: independent, structured, and in business language.

End-to-end check Traditional cyber audit
Cost $5K $50K+
Time to delivery 2 weeks 6 to 8 weeks
Your time commitment 30 minutes Ongoing
Output written for You Your IT team
Independent of MSP Yes Yes

What you get

Clarity on your IT position in 30 minutes over 2 weeks

A clear map of who owns what
70 IT responsibilities mapped across 8 domains. For each one: whether it’s yours, your MSP’s, shared, or currently unowned.

Next steps you can act on immediately
Prioritised recommendations in business language. You don’t need an IT team to action them. That’s the point.

Something to take to the board
Output structured for executive presentation, grounded in the same frameworks used in enterprise IT governance.

A documented governance record
Evidence that you reviewed your IT position independently. Relevant for auditors, insurers, and regulators.

A better MSP relationship
A shared, agreed map of responsibilities removes ambiguity on both sides. Good MSPs welcome it; it validates their work and clarifies the boundary.

A living system, not a shelf report
Your end-to-end check data flows directly into the Lumenas platform, so your picture of IT responsibility stays current as your business evolves.

FAQs

We have cyber insurance. Doesn’t that cover us?
Insurance covers some costs after an incident, subject to policy conditions being met. It doesn’t cover regulatory penalties, and insurers are increasingly requiring evidence of governance practices at underwriting. The end-to-end check supports both.
Our MSP recently did a review. Is that enough?+
An MSP review tells you what they cover. The end-to-end check gives you an independent view of the full picture, including what sits outside their scope.
Will this affect our MSP relationship?+
In our experience, the opposite. Good MSPs welcome independent validation; it confirms what they’re delivering and gives both parties a shared, agreed map of responsibilities. Most find it improves the working relationship.
How do we know it’s worth $5K?+
You’re spending $150K+ a year on managed services. The end-to-end check gives you the first independent view of what that investment actually covers and where the gaps are. Every pilot has surfaced at least one gap that, left unaddressed, would have cost significantly more.
What does the output look like?+
A responsibility matrix across 8 domains, colour-coded by owner. A prioritised gap list with business-language next steps. A one-page executive summary for your board pack. No technical report.

Get clarity on your IT position in 30 minutes over 2 weeks.

Independent. Business language.

Sources
  1. IBM Security / Ponemon Institute, Cost of a Data Breach Report 2024. Australian average: AUD $4.26M, up 27% since 2020. securitybrief.com.au
  2. Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (Cth). Maximum civil penalty: the greater of AUD $50M, three times the benefit obtained, or 30% of adjusted annual turnover. ashurst.com
  3. 11:11 Systems research, cited in Technology Decisions AU, April 2026: 61% of Australian organisations required 1 to 2 weeks to fully recover from a cyber incident. technologydecisions.com.au
  4. OAIC v Australian Clinical Labs, Federal Court, September 2025. First civil penalty under the Privacy Act: AUD $5.8M for systemic cybersecurity governance failures. clydeco.com