Home / Resources / Essential Eight
A practical framework for cybersecurity. Developed by Australian experts, increasingly adopted across New Zealand.
The Essential Eight is a cybersecurity framework developed by the Australian Cyber Security Centre. It identifies eight key strategies that organisations should implement to protect against the majority of cyber threats. While originally designed for Australian government agencies, the framework has become a benchmark for businesses across Australasia.
The framework works because it focuses on what matters most. Rather than trying to address every possible threat, it targets the techniques attackers actually use. Studies show that implementing these eight strategies can prevent over 85% of targeted cyber intrusions.
Each addresses a specific attack vector. Together, they form a comprehensive defence.
The framework defines maturity levels. Higher levels provide stronger protection against more sophisticated attackers.
Maturity Level One provides basic implementation. It protects against commodity malware and opportunistic attackers using widely available tools. This is where most organisations should start, and for many smaller businesses, it offers sufficient protection against the threats they are most likely to face.
Level Two represents enhanced controls. At this tier, your organisation can defend against attackers who invest time and effort specifically targeting you. They may modify their tools or adapt their techniques. Organisations handling sensitive data or facing industry-specific threats typically need this level.
Level Three delivers comprehensive protection. It is designed to resist sophisticated attackers with substantial resources and expertise. These are the threats that make headlines: state-sponsored groups, advanced criminal organisations, and persistent adversaries. Government agencies and critical infrastructure organisations often require this level.
Most businesses should aim for at least Maturity Level One across all eight strategies. This provides solid protection against the majority of threats. The right level for your organisation depends on your risk profile, the data you hold, and who might want to compromise it.
We help NZ businesses assess their current state and implement improvements.
We evaluate your current security posture against each of the eight strategies. This is not a checkbox exercise. We look at how controls are actually implemented, where gaps exist, and what risks they create.
You receive a clear picture of where you stand. More importantly, you get a prioritised roadmap. Not all gaps are equally urgent. We help you focus on what matters most for your situation, considering risk, budget, and operational impact.
We configure the controls, deploy the tools, and make the changes needed to achieve your target maturity level. This is hands-on work, not just recommendations. Our team has implemented these controls across dozens of organisations.
Security requires continuous attention. We maintain your controls, apply patches, review configurations, and ensure your protection stays current as threats evolve. The Essential Eight is not a one-time project. It is an ongoing commitment that we manage on your behalf.
Already working with us? If you are a managed services client, we continuously work toward Essential Eight alignment as part of your service. Your security improves progressively without separate project costs.
The Essential Eight is not a compliance checkbox. It is a practical framework that works. Implementing these strategies properly requires understanding your environment, your risks, and your operational constraints.
We have helped organisations across New Zealand improve their Essential Eight maturity. From initial assessment to full implementation. The framework provides structure. We provide the expertise to make it real.
Understand where you stand and what it takes to improve.