HomeServicesCase StudiesInsightsAboutBook a free review

Home / Services / Essential Eight

Assessment + uplift

Essential Eight Uplift

The Australian Cyber Security Centre's eight controls are becoming the entry ticket for government work and sane cyber-insurance premiums. I assess where you sit and lift you to where you need to be.

What the Essential Eight is

Eight mitigation strategies the ACSC judges most effective against real intrusions: application control, patching applications, patching operating systems, restricting macros, hardening user applications, restricting admin privileges, multi-factor authentication, and regular backups. Each is scored at a maturity level from 0 to 3.

Why it's turning up in your deals

Australian government agencies increasingly require a stated maturity level from suppliers, and it flows down the supply chain to companies your size. Cyber insurers have picked it up too; the difference between maturity 0 and maturity 1 across the eight can be visible on your premium. It's the rare compliance exercise with a direct dollar payoff.

What I do

  • Assess your current maturity level across all eight, evidence-based rather than aspirational
  • Agree the target level that your contracts and insurer actually require (rarely level 3)
  • Build the uplift plan, then implement the technical controls — most map directly onto SecOps work I already do
  • Document it in the language agencies and insurers expect

If you're also heading for ISO 27001, the two overlap heavily and I'll run them as one program rather than billing you twice for the same controls.