BDO Canada has launched a Defence Cyber Readiness Accelerator advisory service aimed at companies seeking to meet new cyber certification requirements in Canadian defence procurement.
The offering focuses on the Canadian Program for Cyber Security Certification, or CPCSC, a federal framework that sets baseline cyber requirements for organisations handling sensitive but unclassified defence information. It is intended to help businesses assess readiness, identify compliance gaps and prepare for certification.
The launch comes as Ottawa moves to expand defence spending by more than AUD $81 billion over the next five years, according to BDO. At the same time, suppliers and subcontractors seeking defence work face a new compliance hurdle as cyber readiness requirements begin to appear in procurement processes.
The shift affects companies across the defence supply chain, from manufacturers and logistics groups to technology providers and infrastructure businesses. Firms unable to show the required level of cyber readiness may struggle to win future contracts or retain eligibility for existing defence-related work.
Procurement pressure
For many businesses, the issue is not only whether they need to improve cyber controls, but how quickly they must do so. CPCSC introduces a staged compliance challenge for companies entering defence markets for the first time or expanding their role in federal supply chains.
BDO said the service is designed to guide organisations through that process by mapping requirements, highlighting gaps and setting out a path to certification. The firm positioned the work as part of a broader defence advisory practice covering compliance, finance and operational issues.
Rocco Galletto, Partner, Cybersecurity, BDO Canada, outlined the commercial significance of the new rules for suppliers. "Cybersecurity is a foundational requirement for doing business in the defence sector, and CPCSC is an important step in strengthening Canada's defence supply chain. As CPCSC requirements begin to appear in defence contracts, suppliers and subcontractors will increasingly need to demonstrate cybersecurity readiness. For many organizations, this is an opportunity to build the capabilities needed to participate and compete in a growing market. We're here to help businesses navigate these requirements with confidence and turn cybersecurity readiness into a real competitive advantage."
The framework arrives as Canada seeks broader participation in defence-related projects and procurement. For smaller suppliers and subcontractors in particular, certification readiness may become a practical condition of market access rather than a voluntary security upgrade.
Defence market
BDO said it already works with more than 250 clients across Canada's defence ecosystem, including aerospace manufacturers, robotics companies, infrastructure businesses, logistics groups and technology suppliers.
The firm said its defence team draws on specialists in cybersecurity, regulatory compliance, government incentives, deal advisory, manufacturing, infrastructure and the public sector. That breadth reflects the range of issues companies face when trying to enter or expand within defence supply chains, where technical standards and procurement rules often sit alongside financing and operational demands.
Mike Abbott said many companies are trying to judge both the scale and timing of the work needed to meet the new standards. "With over $81 billion in additional federal defence spending expected over the next five years, most Canadian companies looking at the defence opportunity don't just have a cybersecurity problem, they have a sequencing problem. They need to know what's required now, what can wait, and what becomes mandatory the moment they win their first contract. Our Defence Cyber Readiness Accelerator is built to give business leaders a clear, practical path through CPCSC so they can compete for defence work without overextending the business."
The introduction of CPCSC marks a broader tightening of cyber expectations in public procurement, especially in sectors linked to national security and sensitive information. As those standards become embedded in tendering and contract management, advisory firms, auditors and cyber specialists are likely to see growing demand from businesses seeking to understand what compliance will require before bidding for work.