Cyber
ASD Unveils New Cyber Framework to Replace Essential Eight
The Australian Signals Directorate has proposed a major update to its widely used Essential Eight cyber security framework, introducing a new "Essentials" model aimed at helping organisations respond to evolving threats linked to artificial intelligence and modern technology environments.
The Australian Signals Directorate (ASD) has unveiled a new cyber security framework that will eventually replace the Essential Eight cybersecurity framework, marking the most substantial revision of Australia's baseline cyber guidance since the model was introduced in 2017.
The agency has launched consultation on its first of a series of security programmes referred to as the ‘Essentials' series. The first draft, Essentials for Enterprise IT, will offer guidance on a broader spectrum of technology environments than the existing Essential Eight cyber security framework.
The changes are proposed as organisations are under growing cyber threats related to cloud computing, AI tools, mobile devices and software accessed via the web. The new building will be designed to facilitate the management of security risks within modern technology systems, while ensuring it integrates with current controls, according to ASD.
Importantly, the agency has stated that they would not force organisations that are already on the same page as the Essential Eight cyber security framework to remove their existing security investments. Instead, the eight mitigation strategies in the framework will be incorporated into a bigger security model.
The review comes at a time when cyber incidents continue to increase. The Australian Cyber Security Centre's Annual Cyber Threat Report 2024–25 shows 84,700+ cybercrime reports were made in the financial year, representing a report for cybercrime every six minutes.
The centre has also handled over 1,100 major cyber security events impacting government bodies, critical infrastructure providers and private sector entities.
The report revealed that losses from cybercrime rose dramatically, with an average estimated loss of about A$80,000 per organisation, based on the organisations reporting losses to the survey. Average losses for medium sized businesses were over A$97,000 and for large businesses average costs exceeded A$200,000.
Cyber risks expand across industries
The most common sectors targeted by cyber incidents are financial services, healthcare, telecommunications, professional services and government agencies. Ransomware attacks, business email compromise and credential theft remain among the top types of attacks reported by Australian authorities.
Other issues identified by the World Economic Forum's Global Cybersecurity Outlook 2025 and affecting cyber policy review in a number of jurisdictions include the rise of AI-powered cyber attacks, supply-chain risks and heightened exposure to cloud environments.
Aligning with Global Security Models
The shift is part of a larger trend in the advanced economies to move towards risk-based cyber security frameworks. The United States is using the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and the United Kingdom's National Cyber Security Centre is advocating for more general cyber resilience guidance instead of specific technical controls.
Consultation on the new framework will continue until 12th July 2026 and there are plans to bring more modules out as the Essentials series is expanded.
Source: Information AGE
Follow Inspirepreneur Magazine for daily global business news.