In the cyber world, the need for robust security measures is paramount. The Essential Eight cybersecurity framework, designed by the Australian Cyber Security Centre (ACSC), is widely adopted by businesses to protect against a range of threats.
However, implementing this framework can be costly, depending on the operating environment and company size. This article explores the costs associated with enforcing Essential Eight compliance across three IT environment scenarios common in mid-sized organisations – Windows, Chrome OS, and macOS – for companies with around 50 devices.
Overview of the Scenarios
This analysis considers three different setups, each representing a typical mid-sized business environment. These examples offer a broad view of operating situations, helping organisations make informed decisions about implementing Essential Eight cybersecurity strategies.
The tools and automation in this discussion include Antivirus Software, Remote Monitoring and Management tools, Backup tools, Spam filters, Device Management tools, and Security Monitoring tools.
Scenario 1: Hybrid Environment (Windows and macOS)
This scenario involves a company using a mix of 30 Windows devices and 20 macOS devices. Such diversity is common when departments have different operational needs.
For example, the design team may prefer macOS for its graphic capabilities, while administrative staff may prefer Windows for its familiar interface. Some specialty software might even run on Linux or Unix.
Because of this diversity, both direct and indirect costs are higher due to the complexities of managing and securing multiple systems.
Direct Costs: Estimated at $35 AUD per user per month for tools and automation.
Indirect Costs: Assuming an IT professional dedicates 25% of their time, labour costs are around $2250 AUD per month.
Time: Implementing the Essential Eight Baseline Level 1 could take 100 hours initially, with 20 hours per month for monitoring and maintenance.
Scenario 2: Chromebook Devices
The second scenario represents a mid-sized company using 50 Chromebook devices. Chromebooks are increasingly popular in businesses due to their low cost, ease of use, and integration with Google Workspace.
This setup reflects a company that has adopted a uniform, streamlined IT infrastructure. Costs here are generally lower because management is simpler, and devices are more secure by design.
Direct Costs: Estimated at $10 AUD per user per month for tools and automation.
Indirect Costs: With an IT professional’s 10% time, labour costs are around $900 AUD per month.
Time: Initial implementation may take 50 hours, with 10 hours per month for ongoing monitoring and maintenance.
Scenario 3: Windows-Only Devices
The third scenario involves a mid-sized company operating 50 Windows devices. This setup is common for organisations relying on legacy software, industry-specific tools, or a preference for the Windows ecosystem.
Here, costs are typically higher due to the added security requirements and management workload.
Direct Costs: Estimated at $30 AUD per user per month for tools and automation.
Indirect Costs: Assuming 20% of an IT professional’s time, labour costs are about $1800 AUD per month.
Time: Implementing the Essential Eight Baseline Level 1 may take 80 hours initially and 20 hours per month for maintenance.
Important Note
All cost estimates are approximate and may vary based on specific organisational needs, vendor pricing, and other influencing factors.
Comparative Cost Analysis
Based on the figures, the Chromebook Devices scenario is the most cost-effective in both direct and indirect costs.
In contrast, the Windows-Only and Hybrid environments incur higher expenses due to the complexities of implementation and monitoring.
Indirect costs also vary depending on the complexity of each environment and the time commitment required from IT personnel.
Conclusion
Implementing the Essential Eight framework across different operating systems involves a mix of direct and indirect costs.
Windows and macOS environments tend to be more expensive due to additional security needs and higher management time.
Meanwhile, Chrome OS with Google Workspace offers a more integrated and affordable solution.
These costs can differ greatly based on each organisation’s unique requirements and resources. Therefore, businesses should evaluate their environment carefully before choosing their path to Essential Eight compliance.
For more insights, refer to our previous articles:
- Understanding Compliance Options for IT Security
- The Path to Essential Eight: Direct or Gradual
- Achieving Essential Eight Compliance with Google Workspace
Regardless of the environment or approach, the ultimate goal remains the same – to strengthen cybersecurity posture and reduce cyber risks.
Get Expert Help
If you’d like more information, need help implementing the Essential 8, or wish to discuss the best options for your current environment, contact us at:
📧 [email protected] or ☎️ 1800 526 269.