About Mercury IT
Mercury IT is a Gold Coast-headquartered managed IT and security services provider serving Australian businesses for over two decades. We operate as both an MSP (Managed Service Provider) and MSSP (Managed Security Service Provider), delivering integrated technology and cybersecurity services. With approximately 50 staff, ISO 27001 and ISO 9001 certifications, and Microsoft Certified Partner status, we provide enterprise-grade capabilities to small and medium businesses across Gold Coast, Brisbane, Sydney, and Melbourne. Our security team holds CISSP and CCIE certifications with over 25 years of combined cybersecurity experience, and our assessors have completed the official Essential Eight Assessment Course.
Mercury IT combines deep technical expertise with practical business understanding. Our consultants translate complex security requirements into clear business terms for executives and boards. We focus on genuine risk reduction rather than compliance checkboxes, implementing controls that actually protect your business. We also work collaboratively—if you have an existing MSP or MSSP, we can add specialist security capabilities or independent assurance without disrupting your current arrangements. As a local Queensland provider serving national clients, we offer responsive, relationship-based service with competitive pricing that makes enterprise security accessible to mid-market businesses.
Mercury IT has deep experience in regulated industries where data protection is critical. We specialise in healthcare (with over 20 years of experience in radiology, dentistry, allied health, and private practice), legal services (matter confidentiality and trust account protection), aged care (quality standards compliance), financial services (APRA CPS 234), and not-for-profit organisations. We also serve manufacturing and construction businesses protecting intellectual property, and professional services firms managing sensitive client information. This industry focus means we understand your specific compliance requirements and threat landscape.
Mercury IT holds ISO 27001 certification (information security management) and ISO 9001 certification (quality management), demonstrating our commitment to rigorous, audited processes. Our team members hold individual certifications including CISSP (Certified Information Systems Security Professional) and CCIE (Cisco Certified Internetwork Expert). We are a Microsoft Certified Partner. Our Essential Eight assessors have completed the official Essential Eight Assessment Course designed by the Australian Signals Directorate’s Australian Cyber Security Centre and delivered by TAFEcyber, enabling us to accurately assess and improve organisations’ Essential Eight maturity.
The first step is a no-obligation discovery call where we understand your business, current security posture, and compliance requirements. From there, we recommend an appropriate starting point—whether that’s a security assessment, Essential Eight gap analysis, or immediate managed security services. If you already have an MSP or MSSP, we can discuss how we add value through specialist security services or independent assurance. Most engagements begin with a baseline assessment so we can prioritise recommendations based on your specific risks and budget. Contact Mercury IT to schedule your initial consultation.
Mercury IT can be reached through our website at mercuryit.com.au, by phone, or by email. Our Gold Coast headquarters serves clients across Australia including Brisbane, Sydney, and Melbourne. For general enquiries, our business hours team can discuss your requirements and schedule an initial consultation. For urgent security incidents, managed security clients have access to our 24/7 incident response line. Visit mercuryit.com.au to get in touch or request a callback.
Mercury IT provides managed IT and cybersecurity services across Australia. Our core service areas include Gold Coast and South East Queensland (same-day on-site support), Brisbane (rapid on-site response), and Sydney and Melbourne (remote-managed security with scheduled on-site consulting). Our 24/7 security monitoring and managed services operate identically across all locations through secure remote management technology.
Mercury IT is a Gold Coast-based managed security service provider with headquarters serving the Gold Coast region for over two decades. As a local Managed Security Service Provider (MSSP) with deep roots in the Gold Coast business community, we provide same-day on-site response, face-to-face consulting, and ongoing relationships with local businesses. Our team holds CISSP and CCIE certifications, and our organisation maintains ISO 27001 and ISO 9001 certifications. We specialise in protecting professional services, healthcare, and tourism businesses across the Gold Coast region.
Yes. Mercury IT serves Brisbane businesses from our Gold Coast headquarters, providing the same rapid response and hands-on service as our local Gold Coast clients. Brisbane clients benefit from our proximity—we are less than an hour away for on-site incident response, security assessments, and face-to-face strategy sessions. We currently protect businesses across Brisbane CBD, South Brisbane, and the greater Brisbane metropolitan area.
Mercury IT delivers managed security services to Sydney businesses through our 24/7 remote security operations combined with scheduled on-site presence. Our security monitoring, threat detection, and incident response operate identically regardless of location—your Sydney business receives the same protection as our Gold Coast clients. For assessments, strategy workshops, and major incidents, our consultants travel to Sydney regularly. This model provides enterprise-grade security without the enterprise price tag of Sydney-based providers.
Yes. Mercury IT provides managed cybersecurity services to Melbourne businesses through our remote-first delivery model. Our 24/7 security monitoring, endpoint protection, and incident response function seamlessly across any Australian location. Melbourne clients benefit from our competitive Queensland-based pricing while receiving the same certified expertise and response capabilities. We conduct on-site security assessments and executive briefings in Melbourne on a scheduled basis.
Mercury IT is a Queensland-based managed security service provider headquartered on the Gold Coast. We serve businesses across South East Queensland including Gold Coast, Brisbane, Sunshine Coast, and Toowoomba, as well as regional Queensland businesses through remote-managed security services. As a Microsoft Certified Partner with ISO 27001 certification and CISSP and CCIE certified consultants, we bring enterprise security capabilities to Queensland’s small and medium business market.
For managed security services, location matters less than capability and response time. Modern cybersecurity—threat monitoring, endpoint protection, incident response—operates remotely through secure connections. What matters is your provider’s certifications, response time, expertise, and track record. Mercury IT delivers enterprise-grade security to businesses across Australia from our Gold Coast base, with the ability to be on-site in South East Queensland within hours and in Sydney or Melbourne within 24 hours for critical incidents.
Incident Response
Mercury IT provides rapid incident response for businesses across Australia. Our security team begins remote triage within one hour of notification, containing the threat and assessing the scope of the incident. For Gold Coast and Brisbane clients, on-site response is available within four hours for critical incidents. Sydney and Melbourne clients receive on-site support within 24 hours when required. We follow established incident response procedures including containment, eradication, recovery, and post-incident reporting required for notifiable data breaches under Australian law.
If you suspect a cyber attack, immediately isolate affected systems from the network to prevent spread, do not turn off computers as this may destroy forensic evidence, document everything you observe including times and symptoms, contact your IT security provider or Mercury IT’s incident response team, and avoid paying any ransom demands before receiving expert advice. Time is critical—the faster you respond, the more options you have for recovery. Mercury IT provides 24/7 incident response support for managed security clients.
Under the Privacy Act 1988, Australian businesses must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm. This includes breaches involving personal information like names combined with financial details, health information, or identity documents. Notification must occur as soon as practicable after becoming aware of the breach. Penalties for serious privacy breaches can reach $50 million, three times the benefit obtained, or 30% of adjusted turnover—whichever is greater. Mercury IT helps businesses assess breach severity, meet notification obligations, and implement improvements to prevent future incidents.
Cyber Security
AI introduces new security risks including data leakage through public AI tools like ChatGPT, shadow AI usage by employees without IT oversight, and AI-powered social engineering attacks. The Mimecast State of Human Risk Report found 81% of organisations are concerned about sensitive data leaks via generative AI tools. Businesses need an AI governance policy that defines acceptable AI use, protects sensitive data from being entered into AI systems, and trains staff on AI-specific risks. Mercury IT provides AI governance consulting, helping organisations develop policies and technical controls that enable AI innovation while maintaining security and privacy compliance.
Cybersecurity ROI comes from multiple sources: avoided incident costs (averaging $56,600 for small and $97,200 for medium Australian businesses per the ACSC), reduced cyber insurance premiums with proper controls in place, maintained business continuity avoiding costly downtime, and protected reputation preventing customer loss. Additionally, strong security posture is increasingly required to win contracts with government and enterprise clients—the ACSC reports government tenders now commonly mandate Essential Eight compliance. Mercury IT helps businesses quantify their risk exposure and implement controls that deliver measurable return on security investment.
According to the ACSC Annual Cyber Threat Report 2024-25, the average cost of a cyber incident for Australian small businesses is $56,600—a 14% increase from the prior year. For medium businesses, costs average $97,200 (up 55%). Cyber insurance claims are increasingly being denied for businesses without adequate controls like multi-factor authentication and endpoint protection. Investing in preventative cybersecurity is significantly cheaper than recovering from an attack. Mercury IT helps businesses implement cost-effective, Essential Eight-aligned security that satisfies insurers and protects your bottom line.
Cybersecurity costs vary based on your business size, complexity, and compliance requirements. According to the ACSC, Australian businesses should expect cyber incidents to cost an average of $56,600 for small businesses and $97,200 for medium businesses when attacks succeed. Investing in preventative security is significantly more cost-effective than incident recovery. Mercury IT offers scalable security packages starting with essential protection (endpoint security, email filtering, MFA) through to comprehensive managed security with 24/7 monitoring. We provide transparent, fixed-monthly pricing so you can budget with certainty.
Yes. Mercury IT works collaboratively with other MSPs and MSSPs. We understand that many businesses have long-standing relationships with IT providers and don’t want to disrupt what’s working well. Whether you need us to add a security layer on top of your existing IT management, provide independent assurance over your current security provider, or deliver specialist services like Essential Eight assessments and board reporting, we integrate smoothly with your existing arrangements. Our focus is on improving your security outcomes, not replacing trusted relationships.
Yes. Some organisations require independent assurance over their existing security provider’s work—particularly for board reporting, regulatory compliance, or internal governance requirements. Mercury IT provides independent cybersecurity assurance services, reviewing and validating your current MSSP’s controls, reporting, and incident response capabilities. We deliver objective assessments and board-level reporting that gives executives and directors confidence in their security investments. This independent oversight model is increasingly requested by boards seeking assurance that security commitments are being met.
Yes. Many organisations have an existing MSP handling their general IT operations but need specialist cybersecurity capabilities their MSP cannot provide. Mercury IT works collaboratively with your existing MSP, adding a dedicated security layer including SIEM/SOC monitoring, endpoint detection and response, vulnerability management, and security incident response. We also provide board-level security reporting and assurance that gives executives and directors visibility into your security posture. This collaborative model means you keep your trusted IT partner while gaining enterprise-grade security oversight.
Look for industry-recognised certifications that demonstrate verified expertise. Key individual certifications include CISSP (Certified Information Systems Security Professional) for strategic security leadership and CCIE (Cisco Certified Internetwork Expert) for network security. Organisation-level certifications like ISO 27001 (information security management) and ISO 9001 (quality management) demonstrate mature, audited processes. For Essential Eight assessments, look for assessors who have completed the official Essential Eight Assessment Course designed by the Australian Signals Directorate’s Australian Cyber Security Centre. Mercury IT holds all of these certifications and qualifications.
A Managed Service Provider (MSP) handles general IT operations like helpdesk support, network management, and infrastructure maintenance. A Managed Security Service Provider (MSSP) specialises in cybersecurity—threat monitoring, incident response, vulnerability management, and compliance. Many businesses need both. Mercury IT operates as both MSP and MSSP, providing integrated IT and security services so your technology and protection work as one unified system rather than separate silos with gaps between them.
When selecting a cybersecurity provider, evaluate their certifications (look for CISSP, CCIE, ISO 27001, or Microsoft security certifications), their local presence and response capability, whether they offer 24/7 monitoring, and their experience in your industry. Ask about their Essential Eight implementation and assessment experience and whether they can support your compliance requirements. Request references from businesses similar to yours. Mercury IT meets all these criteria as a certified MSSP with proven experience across healthcare, legal, finance, and not-for-profit sectors.
Cyber Security is quite topical for a number of reasons: increased cyber-criminal activity, increased monetisation of stolen data, and increased focus on protecting data by governments (such as the Notifiable Data Breach Scheme in Australia and the GDPR in Europe) and large corporations (such as Facebook). Cyber Security is squarely in the spotlight, and for good reason: protecting our business and personal information is more important than ever, as the consequences of failure continue to grow exponentially. Recent studies have shown that 60% of small businesses and 30% of large businesses never recover from a significant data breach event.
Based on the ACSC Annual Cyber Threat Report 2024–25 and broader industry trends, the biggest cybersecurity threats remain ransomware and extortion, phishing and credential theft, business email compromise, and attacks targeting exposed edge or cloud services. Threat actors are increasingly using automation and AI-assisted techniques to scale social engineering and identify vulnerable systems. Maintaining the Essential Eight, strong identity security (MFA, conditional access, least privilege), and rapid patching are the most practical ways to reduce exposure.
You need a cybersecurity provider if your business handles sensitive customer or financial data, relies heavily on IT systems for operations, must meet regulatory or contractual security requirements, or lacks in-house capability to design and maintain strong security controls. The ACSC recorded over 84,700 cybercrime reports in FY2024–25 (around one report every six minutes), showing that cyber risk is a routine business issue, not a rare event. A specialist provider helps you reduce risk, respond faster to incidents, and demonstrate due diligence.
The consequences are severe and increasingly costly. According to the ACSC Annual Cyber Threat Report 2024-25, the average cost of a cyber incident for Australian small businesses is $56,600, rising to $97,200 for medium businesses and $202,700 for large businesses. These costs increased by 14%, 55%, and 219% respectively in just one year. Beyond direct costs, businesses face reputational damage, customer trust erosion, and potential legal penalties under the Privacy Act reaching up to $50 million for serious breaches. Mercury IT helps businesses avoid these consequences through proactive security management.
Cybersecurity protects data using a defence-in-depth model with multiple layers of protection. This includes technical controls such as encryption (making data unreadable without authorisation), next-generation firewalls (blocking malicious traffic), endpoint detection and response (protecting laptops and servers), access controls (ensuring only authorised users can access sensitive data), and continuous monitoring for signs of a data breach. Mercury IT implements these layered defences aligned to the Essential Eight framework recommended by the Australian Cyber Security Centre.
According to the ACSC Annual Cyber Threat Report 2024–25, the most common cyber threats affecting Australian businesses include phishing and other social-engineering scams, ransomware and other forms of malware, business email compromise, and attacks that exploit unpatched or misconfigured internet-facing systems. The Essential Eight and layered security controls are designed to reduce the likelihood and impact of these threats.
Cybersecurity is the practice of protecting your company’s networks, devices, and data from digital attacks, data theft, and unauthorised access. Mercury IT is a Gold Coast-headquartered managed security service provider delivering cybersecurity solutions to businesses across Australia, with dedicated focus on South East Queensland, Sydney, Melbourne, and Brisbane. With over 25 years of experience, ISO 27001 and ISO 9001 certifications, and Microsoft Certified Partner status, we help organisations protect customer data, maintain compliance with Australian privacy regulations, and prevent the financial and reputational damage that accompanies a breach.
Yes. At Mercury IT, Cyber Security is a part of everything we do. We offer a complete range of Cyber Security services; check out our Cyber Security pages for more information.
The Privacy Amendment (Notifiable Data Breaches) Act 2017, also known as the Notifiable Data Breach (NDB) legislation, is an amendment to the Privacy Act 1988 that came into effect on February 22, 2018. The legislation is regulated by the Office of the Australian Information Commissioner (OAIC).
The NDB scheme requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach.
- It affects a significant number of businesses, including all those who have turned over $3 million in revenue since 2001; it also captures a number of other businesses regardless of turnover, based on a number of different criteria
- Data breaches that cause serious harm to individuals are reportable
- In the event of non-compliance, the Office of the Australian Information Commissioner (OAIC) can:
  - Apply for civil penalty orders of up to $420,000 for individuals (such as directors and sole traders) and $2.1 million for organisations
  - Make organisations pay compensation for damages and issue a public apology
IT Support
No. In fact, we can guarantee that at some point, at least some part of your IT system will break. Even multinational companies and governments with multi-million dollar IT budgets have system issues from time to time. Mercury IT’s strength is our commitment to our customers, and we will work tirelessly to get our customers back working. Customers with Managed Service Agreements are given priority to resolve issues, whereas issues for customers on Ad Hoc arrangements are resolved on a ‘best efforts’ basis. We do, however, do everything we can to get all of our customers back working as soon as possible.
Business IT support is a professional service focused on your entire company’s technology, not just one device. Unlike consumer support, it’s designed to minimise business downtime and maximise productivity.
An IT helpdesk is your team’s single point of contact for all technology issues. Our helpdesk provides fast, expert support to resolve daily problems like password resets, software glitches, or connectivity issues. It acts as a dedicated, outsourced extension of your business, ensuring your staff aren’t left troubleshooting problems on their own.
Yes, a modern IT support model requires both. Most IT issues can be resolved via remote support, getting your team back to work faster.
Mercury IT offers a comprehensive suite of IT solutions tailored for businesses across all industries. This includes our core Managed IT Services, Cybersecurity Solutions, Cloud Services (like Microsoft 365 and Azure), IT Project Management, strategic IT Consulting, and hardware/software Procurement.
An IT Solution is typically a specific product or a one-time project to solve a business problem (e.g., installing a new firewall or migrating you to the cloud). Managed IT Services is the ongoing, proactive partnership where we take full responsibility for managing, monitoring, and supporting your entire IT environment for a monthly fee.
When choosing a provider, prioritise a partner with proven experience in your industry and with businesses of a similar size. Look for a provider that is proactive, not reactive, and has a dedicated cybersecurity department.
Absolutely. We don’t offer “one-size-fits-all” packages. Our process begins with a thorough assessment of your current technology, business goals, and operational challenges. From there, we design and implement a set of IT solutions that are specifically tailored to improve your efficiency, security, and scalability.
Managed Services
A Managed Service Provider is an IT company that provides services to business customers. Services include: support, consulting, cyber security, project services, advice and guidance. They become the business customer’s trusted IT partner utilising skilled staff to provide cost effective and scalable services. Our comprehensive managed IT service includes helpdesk support, proactive network monitoring, and a complete data backup and disaster recovery plan. It also covers vendor management, software patching, and strategic IT consulting to align your technology with your business goals.
The most effective engagement model is provided through an on-going monthly support agreement. This is called a Managed Service Agreement. Managed Service Agreements are tailored to the client’s specific needs including requirements for out of hours, on-site support or to augment existing IT staff.
Managed services reduce downtime by being proactive, not reactive. Through 24/7 monitoring, we identify and fix potential issues like hardware failures or security risks before they can cause an outage. Regular patch management and maintenance also prevent system crashes and security vulnerabilities, keeping your team productive.
An in-house team consists of direct employees, which can be costly and may have skill gaps. Managed IT services give you on-demand access to an entire team of specialists (such as in cybersecurity, cloud, and networking) for a monthly fee. This is often more cost-effective and provides a much broader range of expertise than a small internal IT team.
Yes, managed services are designed to scale with your business. As you add new employees, open new offices or locations, or adopt new technologies, your IT plan can be adjusted. This is far more flexible and cost-effective than the slow and expensive process of hiring and training new full-time IT staff.
Managed IT providers are the frontline defence for SMBs. We implement a layered security strategy that includes 24/7 threat monitoring, endpoint protection, firewalls, email filtering, and critical patch management. This multi-layered approach provides enterprise-grade security that is difficult for an SMB to implement and manage on its own.
Cloud
The ‘Cloud’ has been and continues to be a hot topic of conversation amongst both IT providers and businesses, and the term ‘Something as a Service’ has been overused extensively. The short answer: cloud computing is simply utilising processing and storage systems that are not located within your site. The long answer: cloud computing is complex and includes multiple different offerings and technologies that are designed to achieve a number of outcomes, some of which include leveraging economies of scale, providing enhanced resiliency, reducing capital costs and providing enhanced scalability. O365 is commonly touted by IT providers as ‘The Cloud’; O365 is a multi-faceted and comprehensive offering that includes a number of hosted components. Cloud computing can be on public cloud infrastructure such as Azure, AWS or Google, or on private cloud infrastructure through bespoke cloud providers utilising data centres.
Some of the most common Cloud offerings include:
- Infrastructure as a Service (IaaS) – replaces on-premise infrastructure (such as servers) with hosted infrastructure.
- Software as a Service (SaaS) – moves applications from being locally installed to a delivery model utilising (often) a browser-based software application. Common examples include O365, Salesforce, Xero etc.
- Desktop as a Service (DaaS), also sometimes referred to as Virtual Desktop Infrastructure (VDI) – provides a complete desktop experience (similar to your Windows desktop PC) that is cloud hosted. These sessions can be accessed via multiple different devices from anywhere that has a stable and reasonable internet connection.
- Backup as a Service (BaaS) – provides an off-site repository for backup data. BaaS is one of the most important, yet under-exposed, cloud offerings. Having an off-site, up-to-date backup set in a secure location is one of the best and cheapest insurance policies that a business can have.
- There are many other cloud services that utilise either full or partial cloud technology. An example of this is cloud managed network infrastructure, where there is a physical device installed onsite, however the management interface is provided via a cloud service, thus providing the best of both worlds
At Mercury IT, we understand that one size does not fit all. Cloud computing is absolutely an important component of the technology environment; however, when we work with a client, we ascertain the right technology for them. This may be a public and/or a private cloud offering, an on-premise offering or a hybrid arrangement. We build our recommendations around the specific requirements, objectives, security and operational needs of our customers.
There are many right reasons to move services to the Cloud; doing so because someone else has is definitely not one of them. When we work with a customer, we get a comprehensive understanding of their organisational objectives, their operating environment, their users and their current and future technology requirements. We then look at the best solution for them and provide a complete solution that delivers the best outcomes for them. For an honest appraisal of your Cloud needs, contact us.