Victorian Government Cyber Maturity Benchmark

Self-Assessment Hub Login(opens in a new window)

The Victorian Government Cyber Maturity Benchmark is an annual self-assessment of baseline cyber security controls across the Victorian Government.

The State Government of Victoria established its first baseline of cyber risk maturity in September 2021. Since then, more than 200 government agencies have taken part in the self-assessment annually and gained valuable insight into their cyber security maturity. The Benchmark delivers on the Victorian Cyber Strategy 2021(opens in a new window) Mission 1: The safe and reliable delivery of government services.

The Benchmark

The self-assessment uses the current Australian Cyber Security Centre’s Essential Eight Maturity Model(opens in a new window).

“Implementing the Essential Eight proactively can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident”. (ACSC 2021)

You can read more about the current Essential Eight model in the ACSC FAQs(opens in a new window).

Completing the self-assessment can help organisations to:

review and understand the maturity of your organisation’s baseline cyber controls
produce reports that can be used to make decisions about investment in cyber security improvements
support Victorian Protective Data Security Standard (VPDSS) attestation for Standard 11: ICT Security by providing information about technical controls
compare your organisation’s cyber maturity against a whole-of-government benchmark or selected sectors.

The Benchmark also helps the Department of Government Services and VMIA to understand cyber maturity across the Victorian public sector, and to make informed, data-driven decisions about how to improve the State’s cyber security and recovery.

The Department of Government Services will use the data from the Benchmark to:
- understand and report on cyber security maturity across the Victorian public sector
- make informed decisions about where to invest in improving cyber security across the Victorian Government
- develop targeted capability and peer sharing programs to assist agencies to improve cyber security in priority areas.
VMIA will use the data from the Benchmark to:
- help clients to make informed decisions about cyber risk management
- report (de-identified) benchmarking results to participating entities
- develop programs, products and services to meet the needs of clients
- develop insights to inform risk-based policy and continuous improvement in the Victorian Government
- monitor the effectiveness of the Victorian Government Cyber Maturity Benchmark service and other VMIA products and services
- obtain cyber insurance for its clients in the reinsurance market at a competitive price
- fulfil VMIA’s obligations under section 23 of the Victorian Managed Insurance Authority Act 1996.
Data generated through the Benchmark self-assessment will be securely stored. VMIA is bound by Victorian legislation and information management frameworks.
The Cyber Maturity Benchmark data will help you review and plan improvements to your cyber security controls. The Australian Cyber Security Centre recommends organisations implement the Essential Eight mitigation strategies as a baseline to prevent cyber incidents, mitigate the damage they cause, and recover from more efficiently and effectively.
Note:
- VMIA and the Department of Government Services will not share your identifiable data with third parties without your permission.
- VMIA will not use the Benchmark data to calculate individual insurance premiums.
Find out more about the Victorian Government Cyber Maturity Benchmark Information Security.
Australian Cyber Security Centre information(opens in a new window)
Cyber security in the Victorian Government(opens in a new window)
Victoria’s Cyber Strategy 2021(opens in a new window)
ACSC’s Essential Eight Assessment Process Guide(opens in a new window)

VMIA - Victorian-Government-Cyber-Maturity-Benchmark--Essential8-updates-2022-2023
PDF 856.73 KB

(opens in a new window)

Want to know more?

If you have any questions about the self-assessment framework, email the Cyber Risk team at DGS at cyber.risk@dgs.vic.gov.au.

If you require further help with VMIA's Self-Assessment Hub, email cyberservice@vmia.vic.gov.au

Cybersecurity

Updated 2 July 2025