Housing associations, providing affordable accommodation for around six million people in England, often feature in the news, suffering from ransomware, phishing, and other cyber related data breaches, accelerated by the digitalisation of data thanks to the pandemic. Anchor Hanover Group (Anchor), a long-term, valued client, have proactively taken steps towards securing themselves and mitigating the risk of this happening.
Anchor is the largest provider of specialist housing and care for older people in England, servicing over 40,000 customers in more than a thousand locations. This comprises a significant portfolio of assets not only from their customers, but also their partners and supply chain, creating a higher risk of security weaknesses, opportune for a threat actor, simply for the sheer volume and value of their data.
Following the merge of Anchor Trust and Hanover Housing in 2018, Anchor and Commissum’s relationship began through a one-off testing exercise, later inviting Commissum the opportunity to be the sole supplier of cyber services for the ensuing 12 months. Anchor is constantly developing and evolving, looking to integrate a successful cyber security culture amongst their colleagues and introduce new solutions whilst adhering to strict budgets due to the nature of their industry.
Recognising the value in cyber security investments, Anchor entrusted Commissum to conduct their testing requirements for the following three years, ensuring a consistent level of quality and security on all engagements.
Owing to the success of this contract, Anchor chose to commit to a single supplier for another three years, following an open tender process, extending the scope to include outsourced managed security services encompassing managed detection and response, audit and advisory, as well as the original testing services specified. All services are critical to a strong cyber security posture and vastly reduce the risk of a catastrophic data breach.
Working with Anchor prior to the new, multiyear contract meant that we had a thorough understanding of their systems, their security culture, and assure their ability to continue operating as usual. This holistic, collaborative approach as a cyber security partner has reinforced the thriving security culture amongst employees whilst also proving to be a good return on investment and value for public spend.
Implementing a multiyear contract through a single supplier additionally ensures future cost control and overall better value, especially where budget is a key factor in any projects, as well as room for growth within the contract should it be required, allowing planning and budgeting for any other future cyber investments (either expected or unexpected). Consolidation of cyber suppliers allows for enhanced security improvements over the lifetime of the contract, a single point of contact for everything information security related, as well as improved ROI on pre-existing security investments through removal of unnecessary services, optimisation of existing, and integration and adoption of new technology.
“Commissum have repeatedly demonstrated high value and quality of the contract throughout the course of the partnership. This has guaranteed a constant level of security for the organisation whilst allowing us to continually improve and focus on our daily activities, knowing our cyber security provisions are well taken care of. We’ve certainly benefitted from working with Commissum and look forward to continuing our cyber security journey together.”
Kerry Edmondson, Head of IT Operations