Essential Eight Compliance


Cyber security standards for small-medium businesses

Small-medium businesses are the most at-risk of cyber threats


of all data breaches involve small-medium sized businesses.


of small-medium businesses are not financially prepared to recover from a cyber attack.


more cyber attacks on corporate networks were recorded in 2021 than 2020.


of small businesses consider their cyber attack and risk mitigation ability as “highly effective”.

every 7 minutes

a cybercrime is reported in Australia.



cybercrime reports made in 2021-2022 (13% increase on previous year)


average reported loss for Australian medium-sized businesses.*


total national self-reported loss.

Above sources “Brooks (January 2022), reporting in Forbes and Australian Cyber Security Centre Annual Cyber Threat Report (2021-2022) 

*Medium-sized businesses (defined by Australian Bureau of Statistics as between 20 and 199 employees) had the highest average loss per cybercrime report where a financial loss occurred. 

Australian Cyber Security Centre’s Essential Eight

Australian Cyber Security Centre (ACSC), based within the Australian Signals Directorate (ASD), has published a useful set of online resources that discuss the controls to put in place to keep your organisation secure.

While no set of mitigation strategies are guaranteed to protect against all cyber threats, organisations are recommended to implement eight essential mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline.

This baseline, known as the Essential Eight, focuses on making the work required for adversaries to compromise systems much harder.

There are eight areas where mitigations should be developed to help keep your organisation safe (see Figure 1) including:

  1. Application Control
  2. Patch Applications
  3. Configure MS Office Macro Settings
  4. User Application Hardening 
  5. Restrict Admin Privileges 
  6. Patching Operating System 
  7. Multi-factor Authentication 
  8. Regular Backups 

While the Essential Eight can help to mitigate most cyber threats, it will not mitigate all cyber threats. Proactively implementing measures to increase maturity around the Essential Eight can be time and resource intensive, however it is often less time and resource intensive than having to respond to a large-scale cyber security incident which could cause significant impact to your business concerns.

Figure 1 Centrered Essential Eight Maturity Model

Figure 1 Centrered Essential Eight Maturity Model

Our Proposal

Centrered will conduct an in-depth discovery across your IT Environment to establish how your organisation currently aligns with the ACSC Essential Eight Maturity Level One.

Upon completion of the discovery, Centrered will provide a report detailing where your organisation aligns with the Essential Eight. The report will provide you with an easy to understand controls assessment that will highlight the areas of Essential 8 that are covered, partially covered or not covered within your organisation. Click on Figure 2 to view a sample report.

The report will also detail any recommendations for your organisation to take into consideration to fully comply with Essential Eight. 


  • Clarity on your organisation’s alignment with Australian Cyber Security Centre guidelines.
  • Know what you need to do to reduce the risk of successful cyber attacks.
  • Have a clear report that informs you and your stakeholders.
  • Have information to make informed business investment decisions to increase your cyber security posture.
Figure 2 Example of Centrered Standards Coverage Report

Figure 2 Example of Centrered Standards Coverage Report

Get in contact with us

Register your interest by completing the contact form below or call our Sales Team on 6239 4222. Our existing ICT partners can contact their Customer Success Manager to learn more.

Step 1 of 3

Have you experienced cyber threats recently or have something specific you would like to improve? We can also discover this together.
How did you hear about us?(Required)