CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023 

Essential Eight​ services

Improve your organisation’s cyber security posture by adopting the Essential Eight series of mitigations, as recommended by the Australian Cyber Security Centre (ACSC) and required for specific industry sectors.​


Talk to an expert

Two cyber security professionals looking at computer screen in an office


In Australia, cyber security starts with the Essential Eight


According to the Australian Cyber Security Centre, the average cost associated with cyber crime is the greatest for medium sized organisations. In CyberCX’s experience, this is often due to business growth and corresponding reliance on technology outpacing organisational awareness of cyber security.

Small business – $46,000

Medium business – $97,200

Large business – $71,600

*Average self-reported cost of cyber crime in Australia (ACSC)


By making informed decisions early on about your organisation’s approach to cyber security, you can assure your partners and customers that your technology systems are secure while reducing the chances of falling victim to cyber crime and becoming another statistic.


What is the Essential Eight? 


The Essential Eight are a series of mitigations taken from the larger Strategies document that ACSC identify as one of the most effective approaches to making it harder for adversaries to compromise systems.​​

For many organisations, the Essential Eight represents a no-frills way to establish a robust cyber security baseline and provide insights to prioritise ongoing security investment.

Straightforward and prioritised

Cyber security can be confusing. There’s new terminology, unfamiliar concepts, and endless options and opinions. The Essential Eight cuts through the confusion to provide a focused list of actions that any organisation can use to help better protect their data, systems and people.

Tailored mitigation strategies

The Essential Eight mitigation strategies are organised according to a corresponding maturity level designed to mitigate increasing levels of threat actor tradecraft. This means you can pick the maturity level that is proportionate to your organisation’s cyber threat profile and invest in stages to achieve your goal.



Contribute to a cyber resilient Australia

The Australian Government is investing heavily to encourage widespread implementation of the Essential Eight across diverse organisations from critical infrastructure to defence to government.

The idea is that a rising tide lifts all boats: the more Australian organisations that have a solid cyber security baseline, the more cyber secure Australia will be as a whole. In fact, the Department of Home Affairs recently released a national strategy for Australia to be a world leader in cyber secure by 2030.


Essential Eight core mitigation strategies

The Essential Eight comprises eight core mitigation strategies which provide the targeted direction necessary to secure your technology where it matters.

Patching applications

Ensure that your applications are securely maintained and that vulnerabilities are mitigated.

Patching operating systems

Ensure that your internet facing services and technology systems are securely maintained and that vulnerabilities are mitigated.

Multi-factor authentication

Protect your users’, employees’ and customers’ accounts from compromise across your business applications.

Restricting administritive privileges

Establish secure approaches to administering and managing your technology environment.

Application control

Prevent malicious software from executing by establishing explicit control over applications and software.

Lock network icon

Microsoft Office macro settings

Strengthen Microsoft Office macros to prevent them from being maliciously abused.

Hardening user applications

Protect your end-user systems from exploitation and malware.

Performing regular backups

Ensure that your technology systems can be restored, and your important information recovered in the event of a cyber incident.

Ready to get started?

Find out how CyberCX can help your organisation’s cyber security posture by adopting the Essential Eight.

Trusted cyber security partner to leading Australian organisations.

CyberCX Trusted By Australian Organisation Logos


Why should you consider the Essential Eight?

The Essential Eight is a curated and regularly updated list of cyber security controls based on the Australian Signals Directorate’s (ASD) experience. It was established to help organisations like yours establish effective defences against the cyber threats facing Australian organisations and the incidents they cause. Based on CyberCX’s experience, some of the most common cyber incidents impacting Australian businesses include:

Phishing / Social Engineering

Targeting people to trick them into giving up sensitive information or performing unauthorised actions


  • Financial losses through unauthorised financial transactions.
  • Digital harm to critical technology systems through unauthorised access and compromise of user accounts.

Malware Exploitation and Ransomware

Abusing weaknesses in technology systems to get a foothold and follow-up with malicious activities


  • Reputational impact through loss of trust and potential negative media reporting.
  • Financial losses through business interruptions, ransom payments and/or destruction of systems and information.
  • Loss of or inability to recover critical business information or access to technology systems.

Information Loss (aka Data Breach)

Stealing and/or publishing confidential information (including accidentally)


  • Reputational impact through loss of trust and potential negative media reporting.
  • Financial losses through loss of intellectual property and loss of customers.
  • Psychological and/or financial harm to individuals affected.

CyberCX Essential Eight services

Tailored Essential Eight services to meet your organisation’s size, needs and budget


Essential Eight Jump-Start

For organisations at ML0 – 1

New to the Essential Eight? We can help you understand how you currently stack up to the maturity model and give you advice and direction on quick wins to increase your cyber security posture where it matters for you.

Essential Eight Assessment

For organisations between ML1 – 3

Have you implemented some controls but you’re not quite sure how well you stack up? Want to gain better insights into your currently maturity level or confirm your mitigation approach? Our security experts will work with you to understand your current environment and determine how your maturity model is working and what can be improved.

Essential Eight Assurance

For organisations at ML3 seeking detailed assurance from an IRAP Assessor

At the end of an implementation or remediation project and want to confirm that what’s been implemented operates as expected? Our security experts will work with you to perform testing to give you assurance that you meet your maturity level.

Need more help to get to your target maturity level? CyberCX’s end-to-end cyber security capabilities across our Cloud and Network Engineering services can help you implement and manage your key security technology solutions.

Ready to get started?

Find out how CyberCX can help your organisation’s cyber security posture by adopting the Essential Eight.


Why partner with CyberCX for your Essential Eight efforts?

End-to-end capability

CyberCX is Australia’s leading cyber security provider with unmatched skill and expertise across all areas of the Essential Eight. Our end-to-end options provide support where and when it is needed.

Experience and expertise

Specialised practitioners across multiple domains associated with Essential Eight, coupled with significant experience in advising, implementing and supporting the maintenance controls.

Trusted partners ​

CyberCX has assisted dozens or organisations with their Essential Eight journey and associated uplift programs. From discovery to assessment, we join our customers on their Essential Eight journey and help carry the load.

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.