Infotrust sells Nexgen for AUD $50m to fund cyber push

Infotrust has agreed to sell its Cloud and Communications arm, Nexgen, for AUD $50 million as it narrows its business around cyber security and digital forensics.

The Melbourne-based, ASX-listed group described the sale as a strategic divestment that completes its shift away from broader technology services. Nexgen sits outside Infotrust's remaining core focus, which now centres on managed security and incident response.

Managing director and chief executive Julian Challingsworth linked the move to capital allocation and Infotrust's growth plans in cyber security.

"This transaction marks the completion of Infotrust's strategic transformation into a focused, sovereign cybersecurity business. The divestment of Nexgen unlocks capital at an attractive multiple and allows us to redeploy that capital into higher-growth, higher margin cybersecurity opportunities," Challingsworth said.

The proceeds will support acquisition activity. Infotrust flagged potential deals already under review, with an emphasis on expanding service breadth and geographic reach within Australia.

"The capital realised from this divestment will enable us to accelerate potential acquisitions that are in our pipeline, which will add to the capabilities and geographies that we serve across Australia," Challingsworth said.

Cyber focus

After the sale, Infotrust's operations will be entirely focused on cybersecurity services, including a 24/7 managed Security Operations Centre, threat intelligence, proactive threat hunting, cyber advisory and assurance, digital forensics, incident response, and sovereign cyber services.

The reshaping comes as cyber risks remain a board-level issue across Australia, particularly for companies and agencies that operate critical systems or hold sensitive data. Ransomware remains a persistent threat across sectors, while supply chain compromise is also a growing concern as organisations rely on webs of software suppliers and service providers.

Australian businesses have faced rising regulatory expectations around governance, monitoring and reporting. Penalties and enforcement actions have increased the cost of poor security practices. Cyber insurance requirements have also tightened, particularly around incident preparedness and response arrangements.

Sovereign positioning

Infotrust is positioning itself around "sovereign" cybersecurity services, a label that has gained prominence as government and regulated industries seek greater control over where services are delivered and by whom. The company is using the term to frame its direction as demand rises for local delivery models and domestic expertise.

"Our sovereign strategy ensures we strengthen national security, safeguard critical infrastructure, and remain resilient and strategically positioned to address evolving threats in an increasingly complex cyber landscape," Challingsworth said.

Infotrust has more than 250 staff nationwide, including more than 200 cyber specialists. It operates across multiple cybersecurity disciplines, from monitoring and detection to forensic investigation and incident response.

Market backdrop

Australia's managed security services market has expanded as organisations reassess how they run security operations. Many have shifted away from traditional IT outsourcing towards continuous monitoring, threat-led detection and rapid response services.

Buying behaviour has also changed. Boards and executives have increased scrutiny of suppliers with privileged access to networks, identity systems and data, while procurement teams place more weight on response readiness, reporting practices and assurance arrangements.

Those trends have put pressure on service portfolios. Providers that once combined connectivity, cloud and security services are increasingly deciding whether to run broad stacks or specialise. Infotrust's disposal of Nexgen puts it in the specialist category, with a narrower service focus and more concentrated exposure to cybersecurity demand cycles.

Infotrust has not disclosed the buyer's identity or detailed completion timing and conditions in the information released. It has framed the transaction as a milestone in its longer transformation, with acquisitions a central plank of the next phase.