SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Email attachment20260319 598741 8b3nax
#
Ransomware
#
Advanced Persistent Threat Protection
#
SOCs

Infotrust buys Catalyst Cyber in AUD $5m federal push

Thu, 19th Mar 2026
Author image
By Sean Mitchell, Publisher

Infotrust has agreed to buy Canberra-based Catalyst Cyber in a performance-linked transaction valued at about AUD $5 million, expanding the ASX-listed security provider's reach into Australian Federal Government cyber security work.

The deal covers 100% of Catalyst Cyber and strengthens Infotrust's position as an Australian-owned cyber security provider for regulated environments.

Deal terms

Consideration totals about AUD $3.5 million in cash and AUD $1.5 million in Infotrust shares. The valuation is based on a 5x multiple of Catalyst Cyber's underlying EBIT.

The agreement also includes an uncapped earn-out, calculated at a 6x multiple of incremental EBIT growth delivered across FY27 and FY28.

Infotrust Managing Director and CEO Julian Challingsworth said market access was central to the deal. "Catalyst Cyber provides Infotrust with immediate access to federal government cyber security markets that are characterised by high barriers to entry and stringent assurance requirements," he said.

Federal focus

Catalyst Cyber specialises in federal government cyber assurance, advisory and compliance-driven engagements. Based in Canberra, it works with agencies operating under strict security and accreditation requirements.

Founder and Managing Director George Katavic leads the business. He has more than 20 years of cyber security management experience and built the firm around delivery in regulated settings.

The acquisition gives Infotrust entry into federal government cyber security work through existing agency relationships, security-cleared personnel, and specialist accreditations for IRAP assessments and the Essential Eight framework.

These accreditations are often required in government procurement, where assurance and compliance checks can form part of tender conditions. IRAP-the Information Security Registered Assessors Program-is widely used across Australian Government agencies to assess security controls for systems and services.

The Essential Eight is a baseline set of mitigation strategies published by the Australian Cyber Security Centre. Public sector organisations and regulated industries often align security programs to the framework.

Service fit

Infotrust offers managed security services, a 24x7 Security Operations Centre, and digital forensics. Catalyst Cyber's assurance and compliance work complements those services and deepens Infotrust's exposure to accreditation-led procurement.

Challingsworth said the acquisition supports a broader strategy focused on national ownership and regulated customers. "The acquisition strengthens our sovereign cyber capability and supports our strategy to build a scaled, Australian-owned platform focused on regulated and high-assurance environments," he said.

Katavic said the two businesses share an operating approach shaped by customer requirements. "Infotrust's operational maturity and sovereign operating model aligns closely with the expectations of high-assurance customers," he said.

"Together, we are better positioned to support long-term cyber resilience across public sector and regulated environments," Katavic said.

Recent moves

The Catalyst Cyber agreement follows recent changes at Infotrust as it reshapes its portfolio around cyber security services. It has divested its Cloud and Communications segment as part of a sharper focus on sovereign cyber security.

Infotrust has also appointed Chris Hatfield to lead its Forensic IT capability, as part of a broader emphasis on incident response and investigative work.

The mix of acquisitions, divestments and executive hires points to an active approach to capital allocation as cyber security demand rises across government and regulated industries. Australian organisations continue to face ransomware, data theft and disruption, sharpening board and executive focus on response readiness and assurance standards.

Infotrust's operations span managed security services, incident response, digital forensics and cyber investigations, covering prevention, detection, response and recovery for government and regulated customers.

Infotrust is listed on the ASX under the ticker ITS and has a national team of more than 250 professionals, including more than 200 cyber specialists.

The next phase will focus on integrating Catalyst Cyber's personnel and delivery model into Infotrust's operating structure, while the earn-out links management incentives to incremental EBIT growth across FY27 and FY28.

Related stories
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching
IWF & Cyacomb launch workplace abuse material scans
Cork Cyber adds automated mapping to Vantage platform
How Atomgate uses education and partnership to drive successful SonicWall upgrades

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding