top of page

Merthyr Tydfil council is the first to tackle cybercrime head on

Merthyr Tydfil County Borough Council is one local authority that is taking cybercrime very seriously by becoming the first in Wales to make cyber resilience a must-have for all businesses it tenders with.

Partnering with the Cyber Resilience Centre for Wales (WCRC), it is now asking organisations that tender for goods, services or works to, or for, the council to have Cyber Essentials or a minimum of WCRC Core Membership as an effective and simple way to ensure they are protected from common cyber-attacks.

Ryan James, Corporate Information Security Officer for Merthyr Tydfil County Borough Council, said: “We have been promoting cyber resilience for a long time with the businesses we use as part of our procurement process but there is a definite feeling of reluctance to take this on board, which I think comes from the mindset that a cyber-attack just won’t happen to them. Yet, this is quite the opposite and by ensuring we practice this level of cyber security, we are protecting our own supply chain.

“We’re seeing more and more businesses becoming victims of cybercrime and we felt that the Council needed to take action. With the help and guidance from the WCRC we have now made it mandatory that any supplier who tenders for us going forward must have one of these two crucial cyber resilience steps as a minimum before they are even considered for a contract.”

Ellis Cooper, Chief Executive, Merthyr Tydfil County Borough Council, said, “Determining whether our supply chain meets our cyber security requirements is essential to us as an organisation, a vulnerable supply chain can cause damage and disruption to our organisation. Working in partnership with WCRC, we can ensure our suppliers are prepared and have the information they need to maintain their cyber resilience”.

The WCRC is a partnership between the police, private sector and academia set up to help Welsh businesses protect themselves against cybercrime. It provides micro, small and medium-sized organisations with free and affordable cyber resilience guidance designed to help protect themselves from attack. Those who sign up to its free Core Membership receive practical guidance on the cyber security basics. There is also the option to upgrade to a flexible paid-for range of options to suit the level of support required.

The centre works closely with trusted partners; a group of certifying bodies verified by the Information Assurance for Small and Medium Enterprises Consortium (IASME) to help firms achieve Cyber Essentials and Cyber Essentials Plus Certification, which members have access to.

Detective Superintendent and WCRC Director Paul Peters, added: “We have been very impressed by Merthyr Tydfil County Borough Council’s ongoing commitment in pushing the cyber security agenda through not only raising awareness but establishing specific measures that companies must adhere to.

“We have been working very closely with Ryan and his team to put in place a process by which SMEs must obtain a certain level of cyber resilience, which in this case is WCRC membership if a business has not achieved Cyber Essentials. Ensuring this is clearly stated within its tender process, it safeguards all those who will or are part of the council’s supply chain.”

Businesses can join the WCRC through a range of membership packages to access guidance, tools and affordable services to help better protect themselves against the threat of cybercrime.


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page