Departments retain defence and security firms for ‘cyber incident response’

Written by Sam Trendall on 14 March 2022 in News

Commercial documents show Cabinet Office and Home Office have signed deals for firms to provide on-demand support

Credit: CoolVid-Shows/Pixabay

Two of government’s major departments have signed retainers with commercial partners to provide on-demand support in responding to “cyber incidents”.

On 2 March, the Cabinet Office entered into a one-year contract with BAE Systems. The deal, which offers the option of a 12-month extension, will be worth at least £50,000 to the global defence contractor, according to recently release commercial information. 

The contract notice indicated that the department is “seeking a commercial partner to provide retained on-demand access to cyber incident response expertise”.

More newly published commercial documents reveal that the Home Office has also agreed a similar engagement, through which an external company – in this case Deloitte – will be available to support its response to cyberattacks and other threats.

Related content

The deal, described as a “cyber incident response retainer”, will see personnel from the professional services firm deployed on demand to assist in the department’s handling of security issues. In doing so, they will work alongside Home Office officials and in support of internal security resources.

“This contract supports the HO Security Operations Centre (CSOC),” the contract-award notice said. “The CSOC provides the core capability of protective monitoring for all Home Office networks and responding to all cybersecurity threats. The Cyber Incident Response Retainer contract ensures that appropriate support can be efficiently and effectively deployed to augment the CSOC as required.”

The contract will be worth £700,333 over its three-year term. Despite only being published last week, the deal came into effect in late 2020. It is due to run until 1 November 2023.

The recently published Government Cyber Security Strategy set out plans for protecting public-sector organisations against attacks and included a target that all public bodies will “resilient to known vulnerabilities and attack methods no later than 2030”.

The policy paper sets out a two-pronged approach to driving improvements cybersecurity, with the first being to ensure that “government organisations have the right structures, mechanisms, tools and support in place to manage their cybersecurity risks”.

“The second is to ‘defend as one’,” according to the strategy document. “Recognising that the scale and pace of the threat demands a more comprehensive and joined up response, government will harness the value of sharing cyber security data, expertise and capabilities across its organisations to present a defensive force disproportionately more powerful than the sum of its parts.”


Minister for the Cabinet Office Michael Ellis will be providing an exclusive insight into the Government Cyber Security Strategy when he delivers the opening keynote presentation at the PublicTechnology Cyber Security Summit. The CPD-certified event – which is free-to-attend for public sector employees – takes place at London's Business Design Centre on 29 March and will include a range of exclusive presentations, include Alex Harris, head of NHS and social care cyber risk at NHSX who will discuss the challenges of protecting patients and clinicians: from WannaCry through to Covid.

Find out more and register



About the author

Sam Trendall is editor of PublicTechnology. He can be reached on

Share this page




Please login to post a comment or register for a free account.

Related Articles

Public bodies encouraged to cancel contracts with Russian suppliers
30 March 2022

Deals that could be under review include energy supply contacts and some tech consultancy engagements

Revealed: Cabinet Office signed deal last month for ‘immediate cyber incident response’
24 March 2022

Department directly awarded short-term deal to PwC but indicates there was no specific threat

Nuclear clean-up agency seeks £2m-a-year partner to help improve cyber-resilience
11 May 2022

Specialist firm sought to help identify areas where security could be bolstered

Big chill: Bank of England awards six-figure direct deal to cool datacentres at note-printing hub
10 May 2022

Contract for chillers at Essex site signed without competitive process