What Essential 8 maturity level is your organisation? [Complete guide]

What is E8? How does it differ from other frameworks? Why is it important for businesses in Australia (and globally)?

In this post, we'll break down these questions AND more, including the levels of maturity in E8 and how you can get started in Onwardly.


Exciting news: the Essential 8 (E8) framework is now available in Onwardly!

We've productised E8, making it easier than ever to get started, complete tasks, and improve maturity in real time.

With Onwardly's cyber resilience SaaS platform, you can achieve the highest standards in cybersecurity as recommended by the Australian government. Start a free trial now.


What is the Essential 8?

The Essential 8 is a set of baseline mitigation strategies developed by the Australian Cyber Security Centre (ACSC) to help organisations to protect themselves against various cyber threats. These strategies are designed to be practical, cost-effective and highly effective in preventing security incidents. Essential 8 includes:

  1. Application whitelisting
  2. Patching applications
  3. Configuring Microsoft Office settings
  4. User application hardening
  5. Restrict administrative privileges
  6. Patch operating systems
  7. Multi-factor authentication
  8. Daily backups

Why is the Essential 8 different from other frameworks?

While there are numerous cybersecurity frameworks available, the E8 stands out due to its simplicity, practicality, and focus on the most critical and effective controls.

Unlike other frameworks that might be complex and resource-intensive, the E8 is designed to be achievable even by smaller orgs with limited resourcing. It prioritises the most impactful actions that can significantly reduce the risk of cyber incidents.

Understanding the levels of E8 maturity

The E8 framework categorises orgs into different maturity levels based on their cybersecurity capabilities. Knowing your maturity level is crucial for understanding where you stand and what steps you need to take next. Here's a breakdown:

Maturity Level 0: Incomplete

  • Security measures are either non-existent or are ad-hoc and reactive.
  • Lack of formal policies and procedures, inconsistent application of security controls.
  • Next steps: Begin with basic security measures such as regular backups and patching.

Maturity Level 1: Partially Aligned

  • Initial steps have been taken to implement the E8 controls, but they are not yet fully integrated into daily operations.
  • Some security measures are in place, but there are gaps and inconsistencies.
  • Next steps: Formalise policies and ensure consistent application of existing controls.

Maturity Level 2: Mostly Aligned

  • Most of the E8 controls are implemented and integrated into the organisation's processes.
  • Security measures are generally effective, but there may be room for improvement in certain areas.
  • Next steps: Regularly review and update security controls, and address any remaining gaps.

Maturity Level 3: Fully Aligned

  • All E8 controls are fully implemented, consistently applied, and regularly reviewed.
  • Strong security posture with comprehensive measures in place to prevent and mitigate threats.
  • Next steps: Continuously monitor and improve security measures to adapt to evolving threats.

How to easily implement the E8 framework

Onwardly has productised the Essential 8, streamlining the process of implementing these vital cybersecurity strategies. Here's how:

  • Maturity assessments: Onwardly conducts security assessments to identify gaps and provide actionable insights.
  • Guided implementation: Our platform offers step-by-step guidance to help you implement each of the E8 controls.
  • Real-time maturity improvement: Track and improve your cyber maturity in real time using our Progress Tracking feature.


By understanding your E8 maturity level and leveraging the program in Onwardly, you can build a robust cybersecurity defence that protects your business from threats. Don’t wait—start your journey towards enhanced cyber resilience today! Click here to begin your free trial.

Unbeatable cyber resilience 🦹

Winner of 2021 iSANZ Best Startup

"We wanted a solution that was fit for purpose, reflecting our age and stage, while delivering the outcomes we wanted for our customers and people. After looking at what was available, Onwardly stood out as serving this purpose perfectly."

Kendall Flutey

Founder & CEO