The research

Built on a published evidence base, not a hunch.

Three numbers that frame the obligation, the threat picture and the Essential Eight maturity gap. Each one is publicly sourced and dated. Open the source, read the original, draw your own line.

11 / 13 / 4

SOCI sectors, CIRMP-obligated asset classes and CIRMP hazard domains, all attested by the board annually under s.30AG.

CISC CIRMP Factsheet, April 2025

11 / month

critical infrastructure incidents against Australian assets in 2024-25, with energy, water and transport the most-targeted sectors.

ASD Annual Cyber Threat Report, 2025

15%

of Commonwealth entities reached Essential Eight Maturity Level 2 in 2024, down from 25%. 71% blame legacy technology. Critical infrastructure operators are held to a higher bar.

ASD Commonwealth Cyber Security Posture, 2024

See the regulatory stack on /policy.

Ready to look inside

See cirmp AI run on a real CIRMP cycle.

Three minutes inside the demo. A live walkthrough on request. You will see what the next CIRMP attestation looks like when it writes itself.

See the live demo →Back to overview