SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
blueAPACHE launches managed human risk service with Mimecast

blueAPACHE launches managed human risk service with Mimecast

Thu, 2nd Jul 2026 (Yesterday)
Sofiah Nichole Salivio
SOFIAH NICHOLE SALIVIO News Editor

blueAPACHE has launched a managed human risk security service built on Mimecast for mid-market organisations in Australia.

The new service, Human Risk Management as a Service, combines security awareness training, policy visibility, behavioural controls and incident remediation under a per-user monthly pricing model. blueAPACHE says it is the first Mimecast channel partner to bring this managed model to market.

The offer is aimed at organisations with 50 to 1,500 seats, a segment that often manages cyber risk through separate products and service lines. It is designed to sit alongside blueAPACHE's existing managed services and managed detection and response packages.

Michael Zuppa, Chief Executive Officer of blueAPACHE, said the model reflects how mid-market buyers approach security spending.

"In the mid-market, customers are buying an outcome, not a product," said Michael Zuppa, Chief Executive Officer of blueAPACHE.

He said blueAPACHE had already been delivering elements of the service through its virtual Chief Information Security Officer, email security and awareness training work, but had not previously packaged them as a single managed offer.

"What they need is a managed service that takes responsibility for awareness, cultural uplift, visibility and remediation as a continuous, consistent capability. We have been delivering parts of this for years across our vCISO, email security and awareness training services, but the structure was not clear enough for customers to engage with it as a whole. Human Risk Management as a Service changes that," Zuppa said.

The launch comes as companies face increasing pressure to address risks linked to staff behaviour, phishing attacks and the use of public artificial intelligence tools in the workplace. Many mid-sized businesses are still developing data classification and data loss prevention rules while employees are already using AI services in day-to-day work.

Risk focus

The service is designed to provide oversight and controls during that transition period, including visibility into how data is accessed, moved and used across corporate and public AI environments. That places it in a growing area of security spending focused on internal behaviour rather than only perimeter defence.

Mimecast is the technology partner behind the service. blueAPACHE said it selected the platform after assessing security vendors aligned with managed service providers, citing Mimecast's human risk command centre, reporting tools and support for subscription and licence management.

Lizelle Hughes, ANZ Partner Leader at Mimecast, said human risk remains difficult for organisations to manage at scale.

"Human risk has always been the hardest part of the security equation to operationalise at scale," said Lizelle Hughes, ANZ Partner Leader at Mimecast.

She linked the launch to a concentration of risk among a small group of users and to the spread of AI agents inside organisations.

"blueAPACHE has developed something that will make meaningful change for Australian organisations. The reality is that 8% of employees generate 80% of risk, and AI agents now operate with the same access and none of the judgment that a human brings. Mimecast was built to detect and respond to that exposure across every channel where humans and AI agents work. This is the kind of outcome-focused thinking that moves the whole industry forward, and Australian organisations stand to benefit directly," Hughes said.

The service is already live with customers, according to blueAPACHE. The company described the launch as part of a broader relationship with Mimecast that includes managed service delivery, reselling and implementation work for larger customers.

Mid-market demand

The announcement highlights how managed security providers are reshaping products into recurring services for mid-sized customers that may lack the internal staff to run separate awareness, policy and remediation programmes. Packaging those functions into one monthly service allows providers to present security work in operational rather than purely technical terms.

blueAPACHE said the service also responds to regulatory compliance demands and security framework requirements that are becoming harder for mid-sized organisations to manage on their own. It argues that the gap between current security maturity and acceptable protection remains wide for many businesses.

Zuppa said the urgency is linked to the speed of AI adoption inside organisations.

"Time is the risk," Zuppa said.

"Organisations are already on an AI journey whether they are ready or not. We need to ensure the visibility and controls we have in place are protecting the customer while they are still working through their maturity. That is what this service is designed to do," he said.

Mimecast, which is headquartered in London, says it serves more than 42,000 organisations and 27 million users worldwide.