As cyber threats continue to evolve in complexity and frequency, the imperative for robust information security across both government and private sectors in Papua New Guinea has never been more urgent.
In a recent interview with PNG Business News, Robert de Haan, founder and chief executive officer of Cypro Pty Ltd, outlined the growing need for proactive cyber risk management across the country.
“The finance sector is making progress to stay ahead,” de Haan remarked, “but there remains a significant journey ahead for broader business and government institutions. Information security awareness is rising, but it must be followed by decisive action. No organisation is too small to be targeted and the volume of attacks is increasing.”
Cypro: A Specialist Cybersecurity Partner for PNG Businesses
Cypro is an Australian-based cybersecurity consultancy focused on delivering high-quality, cost-effective services tailored to organisational needs.
Unlike traditional IT providers, Cypro does not resell third-party products. Instead, it develops and delivers in-house solutions that are practical, scalable and aligned with each client’s operational context.
For businesses in PNG seeking to better understand and manage their cybersecurity posture, Cypro provides clear, jargon-free advice backed by deep expertise.
Services include cyber maturity assessments, risk and compliance reviews, security policy development, ISO 27001 implementation, and ongoing governance assistance.
Cypro also specialises in human-centric cybersecurity, helping organisations reduce incidents caused by human error, insider threats or poor security culture through training, behavioural analysis, and human risk scoring.
Human risk scoring in cybersecurity measures how likely an employee is to cause or fall victim to a cyber threat — through mistakes, risky actions or malicious intent. It looks at things like password strength, phishing email clicks, access level, security training and device use. Based on these, a risk score is assigned. This helps organisations spot high-risk individuals and take steps like extra training, closer monitoring or limiting access to prevent security breaches.
“Our approach is different,” de Haan explained. “We don’t just send out checklists. We embed ourselves in our clients’ environments, learning their operations, understanding their people and processes, and delivering pragmatic security solutions that work in the real world.”
A Strong Message to PNG Businesses: Cybersecurity Is a Business Imperative
Mr de Haan’s message to Papua New Guinean organisations is clear: “Start focusing on cybersecurity. It’s not a tick-box exercise, it’s a critical business function. Every staff member must be security conscious. Something as simple as a misplaced full stop in an email address can have devastating consequences. Vigilance and awareness must become standard practice.”
What sets Cypro apart is its unwavering focus on helping clients build capability, not dependence. From regulatory compliance and critical infrastructure security to data protection and user awareness, Cypro offers a comprehensive, localised approach to cyber risk — which involves local staff, cultural adaptation, and training.
Partnering with the Mineral Resources Authority
In 2023, Cypro formalised a strategic partnership with the Papua New Guinea Mineral Resources Authority (MRA) to uplift the organisation’s cybersecurity maturity and achieve ISO/IEC 27001:2022 certification.
Speaking about the project, de Haan confirmed: “We officially commenced in late 2023 and formally launched the ISO 27001:2022 implementation in September 2024. Today, we are over 60% complete in the implementation process and the results are transformative.”
“ISO 27001 provides a globally recognised framework for securing information assets. Our work with MRA involves addressing physical, digital, process and human security controls and helping the agency transition towards paperless, modern and resilient operations.”
The partnership was driven by a clear demand from both internal and external stakeholders, including industry participants seeking confidence that MRA’s digital platforms are secure, reliable and aligned with international best practice.
MRA's Digital Future: Secure, Paperless and Trusted
Jerry Garry, managing director of MRA, described the collaboration with Cypro as a foundational element of the Authority’s broader digital transformation strategy.
“Our goal is to identify and resolve every potential risk, whether through improved policy or smarter systems,” Garry said. “We are on track to achieve ISO certification, which will validate the strength and resilience of our information security management system.”
MRA has already completed four of its major compliance deliverables with the remaining critical components — internal audit, management review, certification audit, and continual improvement — scheduled for completion in the coming months.
A key pillar of this transformation is the digital tenement application portal, which will allow licence holders to submit reports, applications and payments online. “We are currently doing the implementation and aiming to be finished by the end of 2025,” he said.
Another vital component is the live mineral data repository, an essential public resource that must be secured before public access can be enabled.
“Our aim is to become a fully digital, paperless agency,” Garry added. “But before we open our systems to external access, we must ensure they are robust, certified and protected against cyber threats.”
Cypro’s Commitment to PNG’s Cybersecurity Future
Cypro’s ongoing commitment to Papua New Guinea extends beyond individual engagements. The company is actively working to establish a local presence in Port Moresby and build long-term cybersecurity capacity within national institutions.
“Our work with MRA is setting a benchmark,” de Haan affirmed. “It demonstrates that public agencies in PNG can successfully partner with specialists to build secure, future-ready systems, and it highlights what can be achieved through leadership, collaboration and the right guidance.”
With proven expertise across governance, risk and compliance (GRC), critical infrastructure protection, and human risk management, Cypro stands ready to support PNG organisations of all sizes in strengthening their cybersecurity posture.
