Commission to spend £302,000 over four years on managed security service after earlier cyberattack on electoral register and staff email, as organisations including Disclosure and Barring Service plan similar moves

The Electoral Commission has awarded a four-year contract for a security operations centre (SOC) and managed cyber security service, using a 14-month attack on its operations in 2021-22 to justify why it needs this in place before its current service ends in December.

It gave the contract, which started on 20 August 2025, to London-based cybersecurity provider Cybanetix. The work covers software and end point protection, round-the-clock monitoring and incident response as well as support with transitioning from a managed extended detection and response (XDR) service, including installation, configuration and testing of the new one.

“In light of the well-publicised cyberattack that was made on the commission, it is essential that this new solution and service are put in place before the current service ends,” the commission said in the award notice said.

In August 2023, the commission revealed that attackers had accessed its servers between August 2021 and October 2022, when they were detected by a suspicious pattern of log-in requests. The attackers accessed electoral registration databases containing the name and address of about 40 million people registered to vote in UK elections from 2014 to 2022 as well as the commission’s email system.

Related content

• NCSC head warns of fundamental ‘contest for cyberspace’ as annual report shows 44% hike in most serious incidents
• Software vendors encouraged to adhere to new government-issued security principles
• Analysis – how and where are attackers getting in?

In March 2024, then-deputy prime minister Oliver Dowden pinned responsibility for the attack on China, along with individuals and a company that led the attacks. As well as the Electoral Commission, the government said that Chinese state-backed attackers had targeted MPs critical of China including former Conservative leader Iain Duncan Smith.

Some parts of government already use SOCs including HM Revenue and Customs, which in March was seeking market feedback on improvements in this area.

Earlier this month, the Disclosure and Barring Service said it was planning to implement a new SOC service as part of its move to a software-as-a-service approach. It has been undertaking market engagement work ahead of a contract it plans to start in April 2027.

In July, social housing provider LiveWest Homes awarded Cheshire-based Chess Cybersecurity a £1.6 million contract lasting up to nine years to provide it with a SOC service.