Built to break – the true price of cheap code: Why security can’t be an afterthought in software development


The pitch sounded good – a custom software platform built for just a few thousand dollars. It would handle customer enquiries, process data, and run core business functions. Offshore developers promised fast delivery and rock-bottom pricing.

But six months later, everything goes to hell in a handbasket – the system is breached, customer data is compromised. The company is now facing a complete rebuild, regulatory investigations, and customers are questioning whether they can be trusted.

The ‘cheap’ route just became the most expensive decision the business ever made.

“We see this constantly,” says Daniel Foster, CEO of Joondalup-based Redi Software. “Companies come to us after trying the perceived cheaper option. Often the platforms are in such a poor state that we have to start from scratch.”

[Image: Daniel Foster]

This kind of incident isn’t isolated either – in 2024, software vulnerabilities surged 61%, with a 96% spike in exploited vulnerabilities. And according to Verizon’s 2024 Data Breach Investigations Report, exploitation of vulnerabilities as the critical path to initiate a breach almost tripled.

The remediation reality

After 15 years building custom software solutions and earning recognition as Joondalup Business of the Year in 2025, Daniel’s team of 25 developers has become one of Western Australia’s largest software development companies. They’ve also become specialists in something that should never be necessary: fixing software that was built wrong the first time.

“We find that basic security measures like properly secure passwords aren’t even considered, sometimes,” Daniel explains.

Unfortunately, it’s sometimes worse than just simple negligence. Daniel has encountered platforms built overseas where developers deliberately embedded malicious code during the build, then activated it once the system launched, with businesses then being held to ransom.

Often, the cost of remediation ends up dwarfing whatever was ‘saved’ on the initial build. Lost revenue. Damaged reputation. Regulatory penalties. Emergency security responses.

This is where a secure by design approach can make all the difference.

What ‘secure by design’ actually means

With 108 new vulnerability alerts coming in every day on average in 2024, and exploitation of vulnerabilities nearly tripling as an attack vector, building in security from the start is no longer optional – it’s survival.

“For everything we build, security is number one,” Daniel says. “Some companies are outsourcing development overseas to Pakistan or India, with no oversight on the technical veracity of what’s being built. We know every line of code, who built it, where it is.”

This expertise comes from experience in the sectors where security failures have immediate, devastating consequences. Redi has spent 15 years building banking and financial solutions, healthcare platforms, and fintech applications.

The company’s client list reflects this range: from startups in their early stages through to billion-dollar operations like Spudshed, Kitchen Craftsmen, and Curtin University. The diversity is wide, but the security standard remains constant.

“We’ve got patterns we follow,” Daniel explains. “All staff have it drilled into them so every project takes a best practice approach. We can build secure software far more cheaply than systems built elsewhere because we have established processes. Build speed is quite fast while performance is tried and tested.”

Companies come to Redi because they need to tick every box. But increasingly, they’re coming because they need to fix what happens when those boxes were never ticked at all.

The AI illusion: everyone’s a developer now

If the challenge of secure software development was significant before, artificial intelligence has made it exponentially more complex.

“AI is a great thing,” Daniel says. “But it’s made a lot of people believe they’re software developers. Everyone thinks it’s easy to be an expert if they use AI.”

The proliferation of AI-powered development tools has democratised software creation. You can now build simple apps that automate processes and improve business operations without writing a single line of code yourself.

This accessibility introduces huge risk, depending on what you’re using it for and how far you take it.

Real scenarios Daniel has encountered: CEOs acting as software developers building core pieces of their business that deal with customer data and enquiries. Then they leave the company, and suddenly access, control and security become major problems.

“You can ask ChatGPT about your headache,” Daniel says, “but you won’t ask it to perform surgery. In the same way, you can get an AI tool to build a small repetitive task, but you can’t ask it to build business-critical systems and store personal data without proper checks and balances.”

The questions you must ask

Before choosing an AI development tool or engaging a software development partner, business leaders need to ask hard questions.

Where does your data live? Is it suddenly residing in Moscow? In a jurisdiction with weak privacy laws or hostile to Australian interests?

Who (or what) has access to this data? Is the AI model being trained on your business information or customer data?

What happens if this system gets turned off tomorrow? Do you have contingency plans, or does your business grind to a halt?

What happens if this system gets hacked tomorrow? Would leaked data matter? Would a ransomware attack cripple operations?

Do you know every line of code and who wrote it? Can you verify there’s no malicious code hiding in your system?

In Daniel’s opinion, for critical business tools or systems handling personal data, extreme caution is required. “It’s not saying ‘don’t use these tools’,” Daniel clarifies. “It’s just ‘make sure you use them the right way’.”

Why Australian matters for critical systems

Daniel is deliberately, as he puts it, ‘militant’ about keeping Redi Software’s development 100% based in Joondalup, Western Australia, for both accountability and data sovereignty reasons.

For healthcare, financial services, fintech, mining, and manufacturing clients, knowing that data never leaves Australian soil matters. It means compliance with Australian privacy laws. It means jurisdiction when things go wrong.

“Data never leaves Australian soil,” Daniel emphasises. “It lives in Australian data centres.”

The company also takes on placement students and interns from local universities, building the next generation of secure software developers while maintaining rigorous standards.

For startups through to enterprises, this combination of local accountability and proven security practices provides what offshore solutions can’t: genuine peace of mind.

Building right beats fixing later

The false dichotomy in software development is speed versus security. The real trade-off, though, is upfront cost versus long-term risk.

“Think really hard about what you’re building,” Daniel advises. “Consider the long-term costs.”

Whether you’re a startup building your first product or an established business adding new capabilities, the principles are the same. Security isn’t a feature you bolt on. It’s a foundation you build from.

Your software needs to be built right the first time. Because in cyber security, there are no do-overs without consequences.

Cecily Rawlinson is the Director of CyberWest Hub, Western Australia’s central force for advancing cyber security. The Hub is committed to strengthening the state’s cyber industry, developing a future-ready workforce, and raising cyber awareness across all sectors of the economy. For more information, you can get in touch with Cecily at director@cyberwesthub.au.

Daniel Foster is one of many experts that exist in Perth to support companies with their cyber security and data privacy challenges. CyberWest Hub is connected to a range of local experts – find out more at https://www.cyberwesthub.au