Cyber Security Assessments
Know where you stand.
Fix what matters first.
CyberAssure provides downloadable cyber security assurance tools that run entirely on your own device. Answer guided questions, get your gaps identified and ranked by risk, and receive specific actions to fix them — without consultants, without sending data anywhere, and without ongoing subscriptions.
Professional Reports
Automated Word and Excel reports showing every gap, its risk level, and the action to fix it.
Instant Results
See your score the moment you finish. No waiting for consultants to write up findings.
Prioritised Actions
Every gap ranked by risk level with specific steps to fix each one.
No Consultants Required
Run assessments yourself. Same rigour, fraction of the cost.
The cyber security problem isn't awareness. It's knowing where to start.
of cyber attacks target small businesses—most aren't prepared
maximum penalty under the Australian Privacy Act for serious breaches
of organisations can't quantify their cyber risk to the board
Optional AI that earns its place.
Twelve AI capabilities accelerate every phase of an assessment — from understanding a framework paragraph, to reviewing evidence with confidence-rated suggestions, to generating the board-ready executive summary inside the Word report. Every assessment works fully without AI. It's entirely opt-in.
During the assessment
AI Advisor & Drafting
An AI assistant that explains framework requirements, drafts assessment notes from bullet points, and answers context-aware follow-up questions tied to your actual scores.
During review
AI Evidence Review
AI reads attached PDFs, Word, Excel, images and CSVs, assesses them against the framework requirement, and suggests a compliance level with a low/medium/high confidence rating.
In the report
AI Executive Summary
The Word report opens with an AI-generated executive summary written from your actual data — domain compliance, headline gaps, common findings, and recommended priorities. The CISO's board narrative, pre-drafted.
Across periods
AI Period Comparison
When you load a previous period for year-over-year comparison, AI drafts the narrative of what changed — improvements, regressions, trajectory — exactly the story regulators want to hear.
Bring your own API key · privacy preserved
AI features use your own Anthropic Claude API key, stored only in your browser's session memory — never saved to disk, never sent to CyberAssure. Requests go directly from your browser to Anthropic. Typical usage is a few Australian dollars per full assessment cycle. AI can be disabled entity-wide via Settings for sensitive engagements.
Built for the frameworks Australia actually faces.
Each assessment is purpose-built for its source framework — not a generic checklist. Pick the regime you need to demonstrate against.
AESCSF v2 Maturity Assessment
161 practices and 42 anti-patterns across 11 domains, SP1/SP2/SP3 targeting, multi-site portfolio mode, AEMO-ready output.
🇦🇺 APRA Financial
APRA CPS 234 Assessment
Nine obligation areas, the six common gaps from APRA's tripartite programme, multi-entity group mode, FAR Accountable Person mapping.
🇦🇺 ACSC Baseline
Essential Eight Assessment
All eight mitigation strategies and Maturity Levels 1–3 — application control, patching, MFA, backups, admin privileges, and more.
🇭🇰 Hong Kong CIO
PCICSO Assessment
Hong Kong's Protection of Critical Infrastructures (Computer Systems) Ordinance — three obligation categories across the eight designated sectors.
🇪🇺 EU Financial
DORA Readiness Assessment
EU Digital Operational Resilience Act — five pillars covering ICT risk, incident reporting, resilience testing, third-party risk, and information sharing.
🇪🇺 EU Product Security
EU Cyber Resilience Act
Australian businesses selling or exporting digital products to Europe — product classification, security by design, vulnerability handling, conformity assessment.
🌐 Global Standard
NIST CSF 2.0 Assessment
All six NIST CSF 2.0 functions — Govern, Identify, Protect, Detect, Respond, Recover — with tier-aligned scoring and maturity tracking over time.
🌐 Global Standard
ISO/IEC 27001:2022 Assessment
Annex A control assessment plus ISMS clauses 4–10 — pre-certification gap analysis or annual surveillance audit preparation.
Latest from the regulator beat.
Practical explainers on the regulations that matter to Australian businesses right now.
Ready to find out where you stand?
Get a clear picture of your security posture today. No sales call required.
Enterprise
Framework-aligned maturity and compliance assessments for CISOs, GRC leaders, and security teams. AESCSF v2, APRA CPS 234, ACSC Essential Eight, NIST CSF 2.0, ISO 27001, PCI DSS, SOC 2, DORA, EU Cyber Resilience Act, Hong Kong PCICSO, and more.
- Prioritised gap analysis—see every weakness ranked by risk
- Clear remediation actions—know exactly what to fix and why
- Answer the board's "how secure are we?" with data
- Audit-ready evidence without $50K consultants
- Track maturity improvements quarter over quarter
Small Business
Practical health checks for business owners. No jargon, no IT expertise needed. Industry-specific versions for accounting, legal, healthcare, and more.
- Prioritised action plan—gaps ranked by risk level
- Plain-English recommendations—fix gaps yourself or hand to IT
- Find out if you're protected—or just hoping you are
- Answer supplier and insurer security questions
- Complete in 60 minutes—no IT expertise needed
Common questions
Quick answers to what comes up most.
Do CyberAssure assessments use AI?
AI is built in but entirely optional. Every assessment works fully without it. When enabled, twelve AI capabilities accelerate the workflow — from an AI Advisor chat that explains framework requirements, to AI evidence review with confidence-rated suggestions, AI gap drafting and remediation drafting, AI executive summaries in the Word report, and AI period-comparison narratives across assessment cycles. AI uses your own Anthropic API key, stored only in your browser's session memory, never sent to CyberAssure.
Does my assessment data leave my device?
No. Assessments run entirely in your web browser. Your answers and evidence are saved locally on your own device and are never transmitted to CyberAssure or anywhere else. We literally cannot see your assessment data — there is no cloud database, no telemetry, no account required. When optional AI features are enabled, requests go directly from your browser to Anthropic using your own API key, with no CyberAssure server in the middle.
Which frameworks does CyberAssure cover?
CyberAssure covers Australian frameworks (AESCSF v2, APRA CPS 234, ACSC Essential Eight, SOCI Act Part 2C Enhanced CIRMP), Asia-Pacific frameworks (Hong Kong PCICSO), European frameworks (EU Cyber Resilience Act, DORA, GDPR), and global frameworks (NIST Cybersecurity Framework 2.0, ISO/IEC 27001:2022, SOC 2, PCI DSS, Third-Party and Supply Chain Security). Industry-specific small business health checks are also available across ten sectors.
Can I use the assessments across multiple sites or entities?
Yes. Multi-site and multi-entity portfolio mode is built into the AESCSF (multi-site), APRA CPS 234 (multi-entity group), and Hong Kong PCICSO (multi-CCS portfolio) assessments. Every site or entity is scored consistently and rolled up into a single group view, with cross-portfolio heatmaps, common gap analysis, and group-level executive summaries.
Are CyberAssure assessments a substitute for formal audit or certification?
No. These are self-assessment tools designed to help organisations understand their current maturity, identify gaps, and prepare for formal certification, audit, or supervisory engagement. They support independent assurance engagements (such as ASAE 3000 and ASAE 3402 for APRA CPS 234) by producing the structured evidence trail an independent assessor needs, but the formal assurance opinion is still issued by the independent party.
Start your assessment today
Download, run locally, get results. No sales calls, no waiting, no data shared.
