At Ever Nimble, we are proud to be one of the few Managed Security Service Providers globally focused exclusively on the SMB market. Every day, our 24/7 Security Operations Centre sees the very real and evolving threats targeting businesses. These range from sophisticated phishing campaigns to ransomware. We have always believed that proactive cyber security should not be complicated. It needs to be straightforward, robust, and capable of genuinely protecting your data. As the threat landscape shifts, the frameworks we rely on to measure and validate those defences must also evolve.
Recently, the Australian Signals Directorate (ASD) confirmed a change that will reshape how businesses manage their security. The Essential Eight is officially being retired.
It will not happen overnight. Over the next two years, the framework is being phased out and replaced by a broader and more modern set of guidance called the Essentials series. If you have been working towards Essential Eight compliance, there is no need to panic because those foundational controls still matter. However, this change highlights a larger issue that the industry and small to medium businesses need to face. It is time to adopt a new approach.
Where the Essential Eight fell short
The Essential Eight has been brilliant for giving businesses a baseline for technical defence. We have to be honest about its biggest limitation, though. It was never actually a formal certification.
Because it was a set of mitigation strategies rather than a strictly auditable standard, it was always open to interpretation. Two different businesses could both claim to be at “Maturity Level 2” yet have completely different security postures under the hood. Without formal auditing, businesses were essentially marking their own homework. For a growing business trying to prove its security to enterprise clients, government tenders, or cyber insurers, a vague checklist simply is not enough anymore.
Looking to the UK for inspiration
When we look at the tech landscape through our Swansea office, we see a much more robust approach to compliance. The UK government backs a scheme called Cyber Essentials. The basic tier is a self-assessment, but what makes the framework truly great is the higher tier called Cyber Essentials Plus.
With Cyber Essentials Plus, your security is independently verified. A qualified external assessor actively tests your live systems, runs vulnerability scans, and checks your configurations. This independent verification is the gold standard. It provides absolute and undeniable confidence to supply chains, partners, and insurers that your defences are real and actively working.
SMB1001 is the solution we need
Australian businesses have desperately needed a practical and certifiable framework that bridges the gap between basic cyber hygiene and massive enterprise standards like ISO 27001. That is exactly what the new SMB1001 standard delivers.
SMB1001 is a layered cyber security standard built from the ground up specifically for small and medium businesses. Instead of just giving you a technical checklist, it frames cyber security as a complete discipline spanning technology, governance, incident response, and staff training. It gives you a clear and achievable roadmap from Bronze right through to Diamond.
The higher levels of SMB1001 take a page straight out of the Cyber Essentials Plus playbook because they require independent external verification. By achieving Platinum or Diamond certification under SMB1001, you are not just telling people you are secure. An external auditor has proven it.
Next steps
As the Essential Eight transitions into its next phase, the industry needs to stop viewing cyber security as an abstract guideline. We need a definitive and certifiable standard that proves our resilience and protects our hard work. SMB1001 is that standard.
At Ever Nimble, our core mission remains exactly the same. We deliver exceptional and straightforward technology solutions that actually work for your business. If you want to know how you can get ahead of this curve and transition your business to an independently verified standard, reach out to the team today. Let us build something secure together.
