Victorian Government Cyber Maturity Benchmark

The Victorian Government Cyber Maturity Benchmark is an annual self-assessment of baseline cyber security controls across the Victorian Government.

The Cyber Maturity Benchmark has been developed to help public sector organisations to review and plan improvements to their baseline cyber security controls.

The State Government of Victoria established its first baseline of cyber risk maturity in September 2021. Since then, more than 200 government agencies have taken part in the annual self-assessment and gained valuable insight into their cyber security maturity to help bolster the defences of Victorian Government networks against current and emerging cyber threats.

The Benchmark delivers on the Victorian Cyber Strategy 2021 Mission 1: The safe and reliable delivery of government services.

The Benchmark assessment

The Benchmark self-assessment is a tool that helps public sector organisations to:

• review and understand the maturity of their organisation’s baseline cyber controls;
• produce reports that can be used to make decisions about investment in cyber security improvements;
• support Victorian Protective Data Security Standard attestation for Standard 11: ICT Security by providing information about technical controls; and
• compare their organisation’s cyber maturity against a whole-of-government benchmark or selected sectors.

Victorian Government Cyber Safety Unit

The benchmark also helps the Victorian Government Cyber Safety Unit and the Victorian Managed Insurance Authority (VMIA) to understand cyber maturity across the Victorian public sector. The benchmark is also used to make informed, data-driven decisions about how to improve the State’s cyber security and recovery.

The Victorian Government Chief Information Security Officer recommends organisations implement the Essential Eight mitigation strategies as a baseline to prevent cyber incidents, mitigate the damage they cause, and recover from such incidents more efficiently and effectively.

How does VMIA use the data?

VMIA uses the data from the Benchmark to help our clients to make informed decisions about cyber risk management and to develop programs, products, and services to meet their needs. We also use the data to obtain cyber insurance for our clients at a competitive price in the reinsurance market.

The data is also used to report (de-identified) benchmarking results to participating entities, develop insights to inform risk-based policy, monitor the effectiveness of the Victorian Government Cyber Maturity Benchmark service, and fulfil VMIA’s obligations under section 23 of the Victorian Managed Insurance Authority Act 1996.

VMIA does not use the data collected in the Benchmark self-assessment tool to calculate individual insurance premiums, and no identifiable data is shared with third parties without an organisation’s permission. Data generated through the Benchmark self-assessment is securely stored. VMIA is bound by Victorian legislation and information management frameworks.

Learn more about VMIA by visiting their website.

The opinions expressed above are those of the author and do not necessarily reflect the views of IPAA Victoria.