Frequently Asked Questions
What decision-makers ask us
Straight answers to the questions we hear most from business owners, CFOs, and IT leaders evaluating cyber risk management.
Getting Started
We already have an IT provider. Why do we need ITRS?
Your IT provider keeps things running. We keep things safe. General IT teams rarely have the depth to manage 12 security disciplines simultaneously. ITRS doesn't replace your IT — we complement it with dedicated, senior-level risk management. Think of it as the difference between a GP and a specialist.
We're too small to be a target.
70% of cyberattacks target businesses with under 200 employees — precisely because they assume this. Attackers know smaller businesses have fewer defences. The average breach cost for an SMB is R140,000, and 60% of breached small businesses close within six months. Size doesn't make you safe — it makes you easier to overlook until it's too late.
How quickly do we see results?
Day one: full risk assessment with your score quantified in monetary terms. Week one: critical gaps identified and remediation started. Month one: measurable risk reduction across all 12 disciplines. Month three: typical clients see 40–67% risk reduction. You'll have real-time dashboards from day one — proof your investment is working that you can show your board immediately.
What is the onboarding process?
We start with a 60-second risk assessment to understand your exposure. From there, we schedule a discovery call to map your environment, identify critical assets, and understand your compliance obligations. Within the first week, you'll have a full risk profile with your exposure quantified in monetary terms, a prioritised remediation roadmap, and real-time dashboards tracking your risk reduction.
Services & AEGIS ROC
How is ITRS different from other MSSPs?
Three things: First, we manage all 12 security disciplines as one integrated system, not siloed products. Second, we quantify your risk in rands, not traffic lights. Third, every interaction is with someone who knows your name, your environment, and your risk profile. Most MSSPs sell tools. We sell measurable risk reduction.
What are the three AEGIS ROC tiers?
AEGIS ROC is our tiered cyber risk management platform. AEGIS Viz gives you complete risk visibility — dashboards, scoring, and quantification in monetary terms. AEGIS Reduce adds active threat detection, response, and continuous hardening across every attack surface. AEGIS Govern adds automated compliance monitoring and audit-ready reporting for SOC 2, ISO 27001, HIPAA, GDPR, and POPIA. Each tier builds on the previous, so your protection scales with your needs.
What does MAPO+R mean?
MAPO+R stands for Monitor, Automate, Prevent, Optimise, and Report. It's our continuous improvement cycle that runs across every risk surface. Rather than periodic audits or reactive firefighting, MAPO+R adapts to the threat landscape as it evolves — ensuring your security posture improves continuously, not just when something breaks.
What are the 12 security disciplines ITRS manages?
We manage risk across endpoint security, email security, identity and access management, cloud security, network security, data protection, vulnerability management, security awareness training, incident response, compliance and governance, backup and disaster recovery, and security operations. Most providers cover three or four of these. We cover all twelve as one integrated system.
Compliance & Regulation
What does POPIA compliance require and are we exposed?
POPIA is fully enforced. The Information Regulator can levy fines up to R10 million and prison terms up to 10 years for non-compliance. All organisations must report breaches via the mandatory e-Portal and demonstrate "reasonable measures" to protect personal information. Organisations need to demonstrate encryption, access controls, and incident response capabilities. Our assessment maps your current posture against these requirements.
Do you help with multiple compliance frameworks simultaneously?
Yes. Many of our clients operate across jurisdictions, which means overlapping requirements from POPIA, GDPR, HIPAA, SOC 2, and ISO 27001. Our AEGIS Govern tier maps controls across frameworks, so a single security measure satisfies multiple requirements. This eliminates duplicate effort and reduces audit preparation time by up to 70%.
Can you help us prepare for a specific audit?
Absolutely. We provide pre-audit readiness assessments, gap analysis against the target framework, remediation support, and automated evidence collection. Our clients typically achieve audit readiness within 90 days. We also maintain continuous compliance monitoring so you're always audit-ready, not just at assessment time.
Pricing & Investment
What does it actually cost?
Less than a single incident. The average SMB cyberattack costs R140,000 — and that number rises 13% year on year. For context, manufacturing downtime alone costs R965,000 per hour. Protection costs a fraction of a single incident, scaled to businesses of 20–200 users. The arithmetic tends to be decisive.
Is there a long-term contract commitment?
We offer month-to-month agreements with no long-term lock-in. We believe in earning your continued trust through measurable results, not contractual obligation. Most clients stay because their risk scores improve — and they can see the proof in real time on their dashboards.
How do you measure ROI on cyber security?
We quantify your risk in monetary terms from day one. Your AEGIS ROC dashboard tracks risk reduction over time, so you can see exactly how much exposure has been eliminated in currency, not abstract scores. Typical clients see 40–67% risk reduction within three months. The return on investment becomes self-evident when your board can see the numbers.
Operations & Support
What happens when there's a security incident?
Our incident response protocol activates immediately. Automated containment isolates the threat within minutes. Your dedicated engineer — someone who already knows your environment — leads the response. You receive real-time updates throughout the process, a full post-incident report, and remediation to prevent recurrence. For AEGIS Reduce and Govern clients, our team is available 24/7.
Do we get a dedicated person or a ticket number?
A dedicated person. Every client is assigned a named senior engineer who knows your environment, your risk profile, and your business context. No ticket queues, no call centres, no explaining your setup to a different person each time. This is what we mean by the private banking of cybersecurity — personal, senior-level attention.
Which countries do you operate in?
ITRS operates across seven countries: South Africa, United States, United Kingdom, Ireland, Australia, Canada, and New Zealand. Our team understands the regulatory landscape, threat profiles, and compliance requirements specific to each region. Whether you're operating locally or across borders, we manage your risk to one uncompromising standard.
Still have questions?
Start with a 60-second risk assessment or speak to our team directly.
Live Threat Intelligence
The threat landscape right now
Regional Risk Grade: D
Avg SMB Score: 38/100
Avg Detection: 310 days
Top Threats: Ransomware · BEC · Credential Theft