Sorry, you need to enable JavaScript to visit this website.
CDCAT® - Cyber Defence Capability Assessment Tool logo
CDCAT® - Cyber Defence Capability Assessment Tool logo
CDCAT® - Cyber Defence Capability Assessment Tool logo

Cyber Defence Capability Assessment Tool (CDCAT®)

CDCAT® — Know Your Defences. Prove Your Resilience.

Professional with long dark hair in blue top working at computer desk wearing glasses

About CDCAT®

46
%
of organizations don’t know they’ve been breached
69
%
of organizations don’t have a formal plan
43
%
of UK businesses have been attacked
85
%
of CEOs say cybersecurity is critical for growth

CDCAT® Overview

In today’s threat landscape, assumptions are dangerous. CDCAT® (Cyber Defence Capability Assessment Tool) empowers senior cybersecurity leaders to make data-driven decisions by objectively assessing cyber defence maturity across people, processes, and technology. Developed in collaboration with Ministry of Defence's (MOD) Defence Science and Technology Laboratory DSTL and made commercially available through APMG, CDCAT® aligns with global standards and provides actionable insights to reduce risk, improve resilience, and justify investment. Whether you're defending critical infrastructure or leading enterprise security, CDCAT® gives you the clarity and confidence to stay ahead of evolving threats.  

Know your cyber security strategy. Own your defence. 

Invest in CDCAT® and take control of your cyber defence strategy. Starting at £1,250, the assessment includes pre-consultancy, evaluation, and strategic follow-up — scalable to any organisation size or complexity. 

Organisations using CDCAT® have reported audit preparation time reduced by up to 70%, thanks to its automated control mapping and actionable reporting. 

For every £1 spent on CDCAT®, an organisation could save £18 in audit costs — plus significantly reduce the time to assess and act on cyber risks. 

What are the Estimated Cost Savings with CDCAT?

Traditional cybersecurity audits can cost £10,000 to £50,000+ and take weeks or even months to complete, especially when multiple standards (e.g. ISO 27001, NIST, PCI-DSS) are involved.  

CDCAT® Classic Assessment starts at £1,250, offering a consultant-led, standards-mapped evaluation that drastically reduces both time and cost. You’ll receive a report you can share with your organisation and create an action plan from. 

Organisations using CDCAT® have reported audit preparation time reduced by up to 70%, thanks to its automated control mapping and actionable reporting.  

For enterprises with complex compliance needs, CDCAT® can save tens of thousands of pounds annually by consolidating multiple frameworks into a single, efficient assessment.

What will my Cyber Risk Assessment Report contain? 

Each report is yours to keep and comes with a breakdown of the following areas: 

  • Summary: A high-level overview of your company, its weaknesses, and areas for improvement.
  • High Level Action Plan: Effectiveness of your current controls according to target and areas of improvement.
  • Performance Indicators: Bespoke KPIs tailored to your company to meet your desired goals and timeframes (especially relevant for your technical team).
  • Additional Standard: A separate report assessment against an additional security standard.
  • Assessment Data: Your data specifically mapped against the selected security controls (especially relevant for your technical team).
  • An Action Plan: Providing an overview of your blockers and weaknesses based on the TEPIMOIL mnemonic: Training, Equipment, Personnel, Information, Management, Organisation, Infrastructure and Logistics.
Three professionals working together at a computer, smiling and reviewing lines of code displayed on a large screen.

Who is CDCAT® for?

The Cyber Defence Capability Assessment Tool (CDCAT) is suitable for individuals and organisations preparing for an audit or need an enterprise-grade assessment at manageable cost. Typical clients of CDCAT are: 

  • CFOs and Finance Directors – seeking cost-efficiency in compliance processes.
  • IT Audit Managers – responsible for managing lengthy audit cycles.
  • Compliance Officers – ensuring alignment with ISO 27001, NIST, PCI-DSS.
  • Heads of Risk and Governance – managing multi-framework environments.
  • Cybersecurity Consultants – delivering assessments across diverse client needs.
  • CISOs in Critical National Infrastructure – requiring trusted, validated tools.
  • Government Security Advisors – looking for MOD-endorsed methodologies.
  • Defence Contractors – needing assurance tools with military-grade credibility.

Benefits of CDCAT®

For Individuals

  • Strengthen Analytical Thinking in Cyber Defence.
  • Learn to interpret assessment data and performance indicators to make informed decisions about cyber risk and resilience. 
  • Build confidence in applying cyber frameworks.
  • Gain hands-on experience in applying mapped controls from multiple standards, helping you confidently contribute to audit preparation and strategic planning. 
  • Understand how specific controls, processes and practices can be adopted by an organisation and how they interconnect to create a cyber security strategy.
  • Understand how standards, framework, guidance or report has been mapped to a variety of control groups.
  • Develop skills which help you develop a best practice cyber defence strategy.
  • Explore up to date security standards.

For Organizations

  • Clear visibility of cyber maturity which allows you to gain a detailed understanding of your organisation’s current cyber defence posture across people, processes, and technology.
  • Identification of Vulnerabilities - Pinpoint specific weaknesses before they are exploited — enabling proactive remediation and risk reduction.
  • Actionable Insights and KPIs- Receive tailored reports with performance indicators and prioritised recommendations to guide strategic decisions.
  • Compliance Readiness - Ensure alignment with key standards like ISO 27001, NIST, PCI-DSS, and Cyber Essentials — supporting audit preparation and regulatory compliance.
  • Cost and Time Efficiency - Save thousands in audit costs and reduce assessment time from weeks to days with automated, consultant-led evaluations.
  • Strategic Planning Support - Use assessment outcomes to inform cybersecurity investment, workforce planning, and board-level reporting.
  • Repeatable and Scalable - Apply the same framework across departments, regions, or business units — ensuring consistency and comparability.

Documentation

Document thumbnail
pdf - 264 KB - 17 June 2025
Document thumbnail
pdf - 256.32 KB - 17 June 2025

Videos

Videos

Understand and manage your cyber security with CDCAT

| 3 minutes 9 seconds
Cyber Security

FAQs

CDCAT® (Cyber Defence Capability Assessment Tool) is a scientifically developed framework that evaluates your organisation’s cyber defence maturity across people, processes, and technology. It helps identify vulnerabilities, benchmark performance, and guide strategic improvements. 

CDCAT® provides a structured assessment aligned with global standards (e.g. ISO 27001, NIST, Cyber Essentials), helping organisations understand gaps, reduce risk, and build long-term resilience. 

Yes, CDCAT® is scalable and cost-effective, starting at £1,250. It’s designed to support organisations of all sizes—from small businesses to multinational corporations.

CDCAT® maps controls from widely recognised standards including ISO 27001, PCI-DSS, NIST, Cyber Essentials, and more—making it ideal for multi-framework environments.

A typical CDCAT® Classic Assessment takes around 1 week, significantly faster than traditional audits which can take 6 weeks or more.

You’ll receive a tailored report with performance indicators, a high-level action plan, and detailed insights using the TEPIMOIL framework—helping you prioritise and plan effectively. 

The TEPIMOIL framework is used as a checklist by the UK Ministry of Defence to prevent new equipment from being delivered without the necessary support systems. The principle of "Interoperability" is also considered an overarching theme that links the Defence Lines of Development (DLoDs) together.  The acronym stands for:  

  • Training: Ensuring that personnel are properly prepared and have the necessary skills.
  • Equipment: Providing the right platforms, weapons, and tools.
  • Personnel: Having enough people with the right skills and motivation.
  • Information: Delivering and managing the information needed for command and control.
  • Management: Understand whether policies and decisions are supporting enhanced security appropriately.
  • Organisation: Creating the right structures and chains of command.
  • Infrastructure: Supplying the physical bases, facilities, and support systems.
  • Logistics: Managing the supply, maintenance, and support of the capability.  

Organisations often use a mix of tools, platforms, and vendors. Interoperability ensures these systems can communicate and work together to detect, respond to, and prevent threats effectively. Interoperability also facilitates easier mapping to regulatory frameworks (e.g. ISO 27001, NIST) by enabling consistent data collection and reporting across systems.

Absolutely. CDCAT® streamlines audit readiness by mapping controls, identifying gaps, and providing consultant-led guidance to prepare for external reviews.

Yes. CDCAT® is developed using science licensed by the UK Ministry of Defence and is used by organisations including the City of London Police and critical national infrastructure providers.

Get in touch

If you have a query about this certification or want to know more about training send us a message via this contact form. We would love to hear from you!

Get in touch

Have you found what you need on this page?