top of page

Pegasus Cyber-Shield

Cyber Essentials Specialists

Cyber-Shield-Consulting-logo

Pegasus Cyber-Shield

Cyber Essentials Specialists

CYBER ESSENTIALS PREPARATION — CHELTENHAM, UK

Cyber Essentials.
Done properly.
First time.

We handle the technical heavy lifting of Cyber Essentials and Cyber Essentials Plus certification for UK defence supply chain SMEs. Remote, structured, and backed by a money-back guarantee.

Start your assessment →
View services →

  • UK GDPR COMPLIANT

  • IASME DANZELL V3.3

  • MOD SUPPLY CHAIN

  • SSCP CERTIFIED

  • UK GDPR COMPLIANT

  • MONEY-BACK GUARANTEE

  • MONEY-BACK GUARANTEE

The Requirement

Why defence suppliers can’t afford to wait

Cyber Essentials is no longer optional for the UK defence supply chain. It is a contractual condition — and the requirements are tightening.

10,000+

DEFENCE SUPPLIERS AFFECTED

The cascade effect

You do not need to be a direct MOD contractor to be affected. DEFCON 658 flows down through every tier of the supply chain. If you supply a Tier 1 prime — BAE Systems, Rolls-Royce, Leonardo, Babcock — they are contractually required to pass the CE requirement to you. Being three tiers down does not exempt you.

PPN 014 — February 2025

Procurement Policy Note 014 made Cyber Essentials mandatory across all central government contracts involving personal data, ICT systems, or OFFICIAL-classified information — binding across every department, not just MOD. If you supply any government body, this applies to you.

DCC Level 0 — The December 2026 Deadline

The Ministry of Defence has requested all industry partners to achieve Level 0 Defence Cyber Certification by 31 December 2026 (of which CE is a prerequisite). This is not a future ambition — it is a formal request from the MOD's Director of Cyber Defence & Risk, and the requirement flows down through every tier of the supply chain.

The cost of not being certified

Lapsing certification mid-contract can trigger disqualification from renewal. Failing to certify before tender submission means your bid is rejected at the gate. With 55,995 certifications issued in 2025 — up 19% year on year — your competitors are not waiting.

Check status →

12 mo

CERTIFICATE VALIDITY

CE+

REQUIRED FOR MOST MOD CONTRACTS

DEFCON 658 — the clause that changes everything

DEFCON 658 is the MOD's standard contract clause that makes Cyber Essentials a legal requirement for defence suppliers. It flows down through every tier — if your prime contractor has it in their contract, they are required to pass it on to you.

 

As of 3 November 2025, CSM Version 4 is mandatory for all MOD contracts containing DEFCON 658. The new framework demands demonstrable proof of control effectiveness — policy statements alone are no longer sufficient.

Allowing your certificate to lapse can result in disqualification from contract renewals. Annual renewal is not optional — it is a condition of continued supply.

syd-mills-kLeczQMR55Y-unsplash.jpg
syd-mills-kLeczQMR55Y-unsplash.jpg

3%

OF UK BUSINESSES CURRENTLY CERTIFIED

📝

Bid for contracts you couldn't before

CE removes a hard gate that currently blocks you from tendering. Every MOD-connected contract that previously disqualified you at pre-qualification is now open. One certification, multiple doors.

☂️

Receive free cyber insurance up to £25,000 *

IASME automatically provides £25,000 of cyber liability insurance with your CE certificate at no extra cost. Coverage includes incident response, legal support, data breach costs, and business interruption — renewed annually with your certification.

* For UK organisations with an annual turnover of under £20 million where the entire organisational estate is certified.

The Benefit

What CE certification actually gives you

Beyond compliance, Cyber Essentials certification provides tangible business benefits that help UK defence suppliers win larger contracts and operate with greater security confidence.

🤝

Protect existing supply-chain relationships

Prime contractors are under increasing pressure to audit their supply chains. A lapsed or missing certificate is grounds for removal from approved supplier lists — regardless of how long you've worked together.

⏱️

Faster procurement approvals

A valid CE certificate removes the need for repeated security questionnaires from individual primes. One certificate, accepted across the supply chain.

🛡️

Implement Genuine security improvements

The five CE controls — properly implemented, not just ticked — block the majority of common cyber attacks. Phishing, ransomware, and credential theft all become significantly harder. Real protection, not just paperwork.

📈

Competitive differentiation

Only around 3% of UK businesses hold CE. In a competitive tender, certification signals maturity and reliability that uncertified competitors cannot match.

1

Triage & Scope

We assess your IT environment, agree scope, and confirm pricing.

From first contact to certificate

A straightforward and frictionless process designed to minimise disruption to your business.

How It Works 

2

Collect & Assess

We deploy our management tools remotely, collect data from your estate, and build your reports.

3

Remediate

We fix what needs fixing. OS policy, patches, and updates deployed remotely once you approve (providing clear, easy-to-follow remediation steps where we are unable to remotely deploy).

4

Certify

We guide your VSA submission and liaise with the Certification Body until your certificate arrives.

CERTIFICATION PATHWAYS

CE

Cyber Essentials

Self-assessment · 5 controls · MOD minimum

CE+

Cyber Essentials Plus

Technical audit · Assessor verification

DCC

DCC Level 0

DEFCON 658 · Defence contracts

Security Management Retainer

Ongoing vulnerability & patch management · Annual renewal

Cheltenham-based.
Defence Focused.

Pegasus Cyber-Shield was founded to close a specific gap: small and medium-sized businesses in the UK defence supply chain need Cyber Essentials, but they don't have the internal IT capability to achieve it on their own.

We built an end-to-end pipeline that handles the entire technical side remotely — from data collection through to remediation support and certificate submission. Our clients don't need a dedicated IT department — we provide technical support throughout every step, supplying clear, concise instructions, one-to-one walkthroughs, and remote management.

Based in Cheltenham — the home of GCHQ and the UK's most concentrated cyber security ecosystem — we understand the defence landscape, the supply chain requirements, and the pressure that comes with them.

WHY Pegasus CYBER SHIELD?

We do the technical work.
You get the certificate.

Pegasus Cyber-Shield handles remediations, security updates and evidence gathering end-to-end. We ensure you pass Cyber Essentials and Cyber Essentials Plus without drowning in regulatory paperwork or complex technical debt.

  • Money-back guarantee

  • We deploy the remediation

  • Built for defence supply chain

If you follow our plan and don't achieve certification, we refund the engagement fee in full. No caveats, no argument.

OS policy, software updates, and patch deployment are all handled remotely once you give the go-ahead. You stay in control of what changes and when.

Your MOD prime contractor needs CE. We understand DEFCON 658, JOSCAR, and the DCC pathway. This is our specific focus, not a sideline.

WHAT WE OFFER

Services & Pricing

VAT not included.
Final price depends on the size and complexity of your IT estate.

📄

Cyber Essentials

Full end-to-end preparation for UK Cyber Essentials. We handle the technical remediation so you can focus on your business.

  • Remote data collection
  • Gap analysis + remediation plan
  • OS & software deployment
  • VSA support included
  • Certification body fee included

From £1,200

Depends on size and complexity of the estate

🏆

Cyber Essentials Plus

The highest level of certification. Includes everything in CE preparation plus technical audit support and assessor liaison.

  • Full CE prep included
  • Pre-audit verification
  • Active assessor liaison
  • Technical remediation
  • Evidence pack creation
  • Certification body fee included

From £2,200

Depends on size and complexity of the estate
MOD contracts typically require CE+

🎖️

DCC Level 0 

The MOD's Defence Cyber Certification — mandatory for all defence suppliers by 31 December 2026. Builds directly on Cyber Essentials with three additional controls covering GDPR compliance and organisational resilience.

  • Requires active CE certification

  • GDPR policy & DPIA creation

  • Resilience assessment & evidence

  • ICS/SCADA scoping support

  • CE/DCC scope alignment diagram

  • Certification body fee included

From £1,200

Standalone add-on, requires active CE

CE + DCC Level 0 bundle discount available

Ongoing Security Management
Retainer

Keep your certificate current. We monitor your estate, deploy patches, and handle annual renewal — so your certification never lapses and your supply chain status is protected.

  • Ongoing patch management
  • CE annual renewal handled automatically
  • Posture management & reporting
  • Quarterly security scans
  • Priority support desk​

From £200/month

12-month minimum contract

Varies by certification level & size/complexity of the estate

Certification body renewal fee NOT included

Get in touch

Ready to get certified?

Tell us about your situation and we'll come back to you with a scope and price — typically within one working day.

What do you need?
bottom of page