A fast, practical way to understand your organisation’s cyber security maturity
Helping leaders answer the questions boards actually ask: Are we exposed? What matters most? What do we fix first?
Frameworks, controls, third-party risk, AI – it’s a lot to keep on top of, and boards are asking tougher questions more than ever. Avocado’s Cyber Security Assessment is a short, structured self-assessment designed to give you an immediate indicator of where your organisation sits today across cybersecurity controls, governance, risk and compliance. This assessment provides a quick baseline of your current cybersecurity maturity. It is not a formal compliance framework — it helps identify which recognised frameworks and controls are most appropriate for your organisation.
The assessment takes less than 5 minutes to complete. From there, turn the results into next steps – our experts can help you unpack your maturity profile, define your key problem statements, and outline high-level use cases tailored to your organisation in a complimentary session. Bring a colleague along and start your cyber maturity uplift today.
What the assessment covers
Built on real-world delivery experience across regulated industries including healthcare, financial services, utilities and government, our Cyber Security & Governance assessment and walkthrough uses Essential Eight as a baseline, then goes further to reflect the broader risks organisations face today. It evaluates maturity across twelve domains — spanning technical controls, governance, enterprise risk, third-party exposure and emerging AI risks — to provide a practical view of how well you protect, detect, respond and recover.
What makes it different
What makes it different is its focus on real-world resilience, tailored to your organisation’s operating model, sector and regulatory pressures, with recommendations designed to reduce risk - not create unnecessary complexity.
The focus isn’t on ticking boxes, but on prioritising the controls that genuinely reduce risk and recommending right-sized uplift aligned to your organisation’s size, sector and operating model.
”Essential Eight is a baseline - not a strategy. It tells you whether key controls exist. Our assessment and walkthrough tells you whether they’re enough for your business.
How the assessment works - designed to give leaders clarity — not complexity.
1. Complete a short, structured questionnaire
Answer 12 quick, multiple choice questions that assess your current practices across technical controls and GRC domains. It’s quick to complete and designed to gain a baseline maturity.
2. Use the maturity scale to guide your responses
For each question, select a rating from 1 to 5 that best reflects how your organisation operates today. Once complete, you’ll receive a classification placing your organisation into one of four cyber resilience maturity levels. This is not a pass/fail score, it’s a directional view to support informed decision-making.
3. Explore your results with Avocado
In your complimentary results walkthrough, our cyber specialists will unpack your maturity classification, validate what it means in the context of your business, and help identify the most appropriate next steps — whether that’s embedding Essential Eight, aligning towards ISO 27001 where justified, applying SMB1001, or prioritising targeted uplift based on your risk profile and operating model.
4. Decide your next move
Use your tailored insights to inform strategy, support board conversations, justify investment, and prioritise initiatives – with the option to partner with Avocado to deliver your roadmap.
Cybersecurity Control Maturity Scale - How to select your responses
This questionnaire has 12 multiple choice questions. For each question, choose the rating that best reflects what actually happens in your organisation today (not what’s written in policy).
You can complete it on your own or with a colleague from risk, IT, or security. For the most accurate result, we recommend involving at least one person who understands your day-to-day operations and existing controls.
Cyber Resilience Maturity Levels
Avocado’s Maturity Model
- Starting Out
- Developing
- Maturing
- Advanced
Drawing on decades of delivery, security, and governance experience, Avocado’s cyber resilience maturity model provides a practical, real-world lens across both foundational controls and emerging risks. It goes beyond traditional checklists to assess how well your organisation protects, detects, and responds across critical areas such as application security, patching, privilege management, resilience, governance, third-party exposure, and the rapidly evolving risks introduced by AI and machine learning.
Our walkthrough approach is tailored to your sector, organisational size, and risk appetite – ensuring uplift is proportionate and meaningful.
Ensures only approved and trusted applications can run across your environment, reducing the risk of malicious or unauthorised software execution.
Addresses known vulnerabilities by ensuring all applications receive timely and consistent security updates.
Reduces exposure to malicious scripts by blocking or limiting macros from untrusted sources.
Minimises attack surface by disabling unnecessary features, plugins and risky behaviours in commonly used applications.
Controls and limits elevated access to reduce the risk of privilege misuse and compromised credentials.
Maintains system integrity by keeping operating systems updated with essential security patches.
Strengthens identity assurance by requiring additional verification beyond passwords.
Examines the emerging risks associated with Data, AI and machine-learning systems, including data integrity, model misuse, and unintended behaviours.
Ensures rapid recovery and data resilience through secure, consistent, and tested backup practices.
Provides clarity, accountability, and alignment by embedding security into organisational oversight and decision-making.
Identifies, evaluates, and prioritises cyber risks to drive informed, actionable remediation.
Assesses the security posture of suppliers and partners to reduce exposure across your digital supply chain.
Who is this assessment for?
Designed for CISOs, CIOs, Risk teams, Cyber Security teams, IT leaders, and organisations looking for a pragmatic, fast way to benchmark their cyber security maturity before making strategic decisions. Whether your controls are emerging or already mature, this assessment provides a clear baseline and practical next steps.
Whether you are just starting to formalise your cybersecurity controls or are looking to validate a mature programme, this assessment will help you understand where you are today and what to prioritise next.
Why Avocado?
Founded in 2004, Avocado is a trusted Australian IT consultancy helping organisations uplift cyber security, technology delivery, and operational resilience. Our cybersecurity and GRC expertise spans strategy, architecture, implementation, and ongoing risk optimisation.
We help you:
- Translate technical controls into business language your executives understand
- Align cyber initiatives with governance, risk, and compliance expectations
- Prioritise use cases that deliver real risk reduction and measurable value
- Move from reactive firefighting to confident, data-driven decision-making
- Right-size recommendations to your industry, threat exposure, organisational size, and risk appetite – we never recommend unnecessary controls.
With Avocado, you’re not just filling out a survey. You’re taking the first step towards a clearer, more mature cybersecurity and GRC posture – so you can deliver with certainty.
