Essential Eight maturity assessment mapped to your cyber insurance questionnaire. One report that covers what your insurer, your customers, and the Privacy Act all care about. Big 4 firms charge $30,000+ for the same thing.
Guarantee: Under 3 critical gaps found? You don't pay.
Sound familiar?
Your insurer sent a questionnaire
Cyber insurance renewal comes with questions about MFA, backups, patching, and endpoint protection. You're not sure what maturity level you're at or what to put down.
A customer or contract needs it
A government tender, enterprise customer, or supply chain partner is asking about your Essential Eight maturity. You need a report, not a guess.
You've heard of E8 but haven't started
You know the ASD Essential Eight exists. You know you should be doing something about it. You just don't know where you actually stand or what to fix first.
Not sure where your gaps are?
Free 3-minute scorecard. Covers Essential Eight, Privacy Act, and cyber insurance readiness.
Essential Eight maturity, cyber insurance readiness, and Privacy Act compliance in one engagement. One report your insurer, your board, and your customers can all use.
Included if relevant to your business:
Typical Big 4 engagement
$30,000+
Your price
$6K-$8K
Delivered in 1-2 weeks. Not 6-8.
Under 3 critical gaps found? You don't pay.
Zero risk. I've never had to honour this.
Free scorecard
2 minutes. See where your business stands on Essential Eight, Privacy Act, and audit readiness. No email needed.
Take the scorecardDeep assessment
1-2 weeks, fixed price. I review your systems, policies, and controls against the Essential Eight and your insurer's requirements.
Written report
Evidence-mapped report with a prioritised remediation roadmap. Written so your insurer, your board, and your IT team can all use it.
Cyber insurance renewals
Your insurer sent a questionnaire about MFA, backups, and patching. You need real answers, not guesses. The assessment maps directly to what they're asking.
Government contracts
Tenders increasingly require Essential Eight compliance. A formal assessment gives you the documentation to include with your bid.
Enterprise customers
A customer or supply chain partner is asking about your security controls. The report gives them what they need without you scrambling to answer a 50-question spreadsheet.
Businesses that know they should start
You've been meaning to look at this. A cyber incident, a near miss, or a board question made it real. The assessment tells you exactly where you stand and what to fix first.
“You can see the difference of having a proper CTO knowing what they're doing. It's great to see you progressing this much.”
Lead auditor
ISO 27001:2022 surveillance audit
Libby Roberts
Founder, LeapForward
“He's the kind of person you trust with the most important parts of the product. Deeply technical, dependable, and an outstanding communicator.”
I'm an ASD Cyber Security Partner. The Australian Signals Directorate created the Essential Eight. I work directly with the agency that wrote the framework. Senior software engineer with 10+ years in platform infrastructure. Ex-Big Tech. CNCF maintainer.
I do the assessment myself. No juniors, no handoffs, no 200-page report written by someone who has never configured a firewall. You talk to me, I do the work, I write the report. That's why it costs $6K instead of $30K.
The Essential Eight is a set of baseline cybersecurity strategies developed by the Australian Signals Directorate (ASD). It covers application control, patching, restricting macros, user application hardening, restricting admin privileges, patching operating systems, multi-factor authentication, and regular backups. It's the framework most Australian cyber insurers now reference.
Most cyber insurers and government contracts expect Maturity Level 2 (ML2). ML1 is the baseline. ML2 means you have the controls in place and they're consistently applied. ML3 is for high-risk environments. The assessment targets ML2 unless your situation requires ML3.
Yes. The assessment maps your controls directly to the questions your insurer is asking. You get a report you can attach to your renewal application. If there are gaps, the remediation roadmap shows exactly what to fix and in what order before your renewal date.
It's mandatory for Australian government agencies. For private businesses, it's not legally required but is increasingly expected. Cyber insurers use it as a benchmark. Enterprise customers reference it in procurement. Government tenders often require it. In practice, it's becoming the minimum standard.
Three ways. First, I do the work myself. No juniors, no handoffs. You get a senior engineer with 10+ years experience, not a team where the partner shows up for the pitch and a graduate does the assessment. Second, it costs $6-8K instead of $30K+. Third, it takes 1-2 weeks instead of 6-8. Same rigour, less overhead.
Yes. The assessment identifies gaps and prioritises them. If you need help closing those gaps, I can scope a remediation engagement separately. Most businesses start with the assessment and then decide what they want to tackle themselves vs what they need help with.
Book a scoping call and I'll walk through what Essential Eight means for your business. Or check your score first.
Taking on 3-4 assessments per month. First in, first served.
