CASE STUDY

Reserve Bank of Fiji invests in cyber security solution for the future

Reserve Bank of Fiji, Data#3 and SecurityHQ Case Study

Objective

The Reserve Bank of Fiji wanted to improve its security posture for better protection against increasingly sophisticated cyber security threats.

IT Outcomes

  • The assurance of 24/7/365 monitoring.
  • Enable IT security staff to focus on other key security priorities.
  • Single platform using a world-leading cyber managed security service provider.
  • Contextually based alerts without the noise.
  • Increased visibility of threats.
  • 24/7/365 incident response capability.

Business Outcomes

  • Heightened security skill level and awareness.
  • Reduced risk.
  • Enhanced reputation as a leader in the region.
  • IT team is mentored by experts.

“Having the managed SOC in place allowed the IT team to prioritise its focus on other areas, necessitated by the level of our security posture. Without the SOC in place, our IT team would need to work outside of business hours, always ensuring the phone is close by to make sure no warnings or suspicious activity were missed. Now, getting a call means it is a big issue, while anything else can wait for office hours. That has made it easier to sleep at night.”
Rajnesh Chand, Manager Cybersecurity & Innovation, Reserve Bank of Fiji.

Background

As the central bank of the Republic of Fiji, the Reserve Bank of Fiji’s (RBF) functions include issuing currency and promoting monetary and financial stability in the economy, while providing policy advice and financial services to the government.

While the growing threat landscape has become increasingly challenging worldwide, several high-profile security incidents have highlighted the increased focus by cyber criminals within the Pacific region. For the RBF, limited visibility and a lack of specialised resources have made implementing effective security measures a challenge.

Challenge

The RBF relies on a small, busy IT team to provide the tools that it needs to function. As the critical area of security has become more complex, specialist skills not available in-house were needed 24/7. For Manager Cybersecurity & Innovation, Rajnesh Chand, introducing a security operations centre (SOC) was a logical step.

“We knew we wanted to have a SOC solution in place, we knew how important it was. We had a vision, and initially we took it on in-house and put a solution together, and tried to get a sense of what having a SOC means. From this experience, we realised that it takes much more than a few security personnel to manage a SOC, given other priority security areas.” Rajnesh Chand, Manager Cybersecurity & Innovation, Reserve Bank of Fiji.

External factors made it necessary to raise the bar of expectations. The onset of the global pandemic increased the number of employees working remotely, which saw an increase in cyber security incidents in the region.

“We knew there were SOC services available, and it made sense to change our approach to consider something managed for the extra support. With service organisations, they have the set-up, and the experience of implementing security solutions for longer than we had, so we knew we could reap the benefits of that experience.”

Solution

Data#3 proposed a solution in partnership with global managed security service provider, SecurityHQ, that featured 24/7 SOC support and availability, with built-in incident response. Service and management of the solution were included, which featured a Data#3 Customer Experience Manager, in conjunction with the Fiji-based Data#3 team. Chand said that this combination of local service and global expertise gave him assurance that the RBF was in safe hands.

“First, we knew they had the capability. We knew the partnerships that Data#3 has, because we had already been long-term customers for our Microsoft licensing. We had been to some of their JuiceIT events, so we had exposure to their experts, and they have a local presence in Fiji as well, so there is knowledgeable support we can reach out to locally,” explained Chand.

During the tender phase, Data#3 and SecurityHQ presented their proposal in detail, taking time to gather information at every stage, and this attention to detail helped to prepare for the SOC implementation.

As a part of the solution, the RBF conducts weekly meetings with Data#3 and SecurityHQ. These are attended by RBF’s IT team as well as the bank’s executive risk management team, and other business leaders where needed. This reflects the commitment by the leadership of the RBF to better understand and manage cyber risk.

Aside from the meetings, weekly and monthly reports that show incidents are generated and submitted to the team. The risk team also receives notifications of incidents. The managed SOC solution frees up time for the team to focus on other operational priorities, knowing that someone is constantly monitoring security.

“I think the first ten days we went through a learning phase, trying to understand what we should classify as a major alert. It was a good experience and gave us instant transparency in terms of things we may not have otherwise viewed as a threat. We introduced more rules to reduce false positives, and now we have a SOC that gives us visibility across all layers of security.”
Rajnesh Chand, Manager Cybersecurity & Innovation, Reserve Bank of Fiji.

Conclusion

The RBF has a mandate to supervise licensed financial institutions, and provide guidance on key issues including cyber security.

Governor for RBF, Ariff Ali, commended the team on achieving the compliance expected and reiterated the assurance afforded to the RBF team, now that they have the extra support from Data#3 and SecurityHQ.

“The security measures and controls the Reserve Bank has put in place have improved our posture and given us visibility and insight into any security concerns in real-time. This comfort allows the IT team to provide that advice previously absent with in-house support,” highlighted Susan Kumar, Chief Manager Currency and Corporate Services, Reserve Bank of Fiji.

“Because Data#3 has a local presence, we are able to have easy access to their services, while SecurityHQ offers us expertise in security. In addition, having a local relationship with Data#3 has provided great comfort to the RBF given its usual conservative stance with outsourcing,” said Kumar.

“The people there make a real difference – they have experience and expertise in technology across a wide client base, and are familiar with most of our challenges,” added Chand.

“When looking back at the progress already achieved, seeking specialist external skills through the managed SOC was a ‘no brainer’, as the reach of the service went far beyond anything that could have been reasonably achieved with the small internal team.”
