What level of Maturity is best for my organisation?

Before implementing the Essential Eight strategy, it’s important to identify which stage of the model your organisation is currently at, and which stage you’d like your organisation to be at.

No organisation should aim for a bad level of cyber security. For this reason, Maturity Level Zero should be considered a risky place to be. If your organisation does find themselves at this level, immediately enlisting the help of experts is advisable.

According to the ACSC:

• Maturity Level One may be suitable for small to medium enterprises

• Maturity Level Two may be suitable for large enterprises

• Maturity Level Three may be suitable for “critical infrastructure providers and other organisations that operate in high threat environments”.

As previously mentioned, all levels of the Essential Eight Maturity Model act as a baseline for your organisation’s cyber protection. At every level, further measures that are directly tailored to your organisation can be applied based on your specific needs.

Note: Nothing about the digital age is static, so your cyber security strategy won’t be either. Therefore, regular updates are constantly being made to the Essential Eight strategy. In line with this, your organisation's additional security measures should also be updated. This is why regular cyber security audits are so vital.