+44 3301 333 307 magma@magmacloud.co.uk
Public Sector

City Council & International Sporting Event —
Cyber Strategy

Five- and ten-year cyber roadmap, managed services contract exit, and an in-house cyber function built from scratch — supporting both a city council and a major international sporting event.

Sector
Public Sector
Type
Cyber Strategy
Roadmap
5 & 10 year
Status
Completed

The Challenge

Local authorities operate under sustained pressure: shrinking budgets, rising regulatory expectations, and a threat landscape that has placed UK councils among the most frequently targeted public sector organisations. When a major international sporting event was announced, the cyber risk profile for the host city escalated significantly — the event itself would bring international attention, increased digital infrastructure, and a compressed delivery timeline during which security could not be an afterthought.

At the same time, the council's existing managed cyber services contract was approaching its end — and the organisation needed to determine whether to re-tender, build internal capability, or a combination of both. The existing contract had served its purpose but had not built lasting internal expertise; the council's in-house cyber capability was limited, and leadership lacked the strategic framework to make an informed decision about the future.

The organisation needed a strategy that would work across two different time horizons: the immediate pressures of the sporting event, and the longer-term challenge of building sustainable cyber resilience that would outlast any single contract or consultant.

What We Did

Magma Cloud led the development of both the five-year and ten-year cyber security roadmaps — giving the council a phased, risk-prioritised plan for improving its security posture over two distinct planning horizons. The five-year plan focused on closing the most critical gaps and establishing sustainable governance; the ten-year plan addressed the longer-term ambition of building a mature, integrated security function.

For the international sporting event, we provided specialist cyber security support across the planning and preparation phase — identifying the specific risks associated with the event's digital infrastructure, advising on security requirements for event systems and partner networks, and ensuring the council's security posture could absorb the heightened threat activity that major international events reliably attract.

We then led the managed services contract (MSC) exit — a process that required careful knowledge transfer, documentation of the existing security baseline, and sequencing to ensure no gap in coverage between the outgoing provider and whatever came next. Exit from a long-running MSC is consistently underestimated in complexity; we had done it before, and that experience shaped how we approached it.

In parallel, we designed and led the recruitment of an in-house cyber function — defining the roles required, drafting job specifications, advising on the selection process, and helping the organisation understand what good looked like when evaluating candidates for security roles they did not yet have the expertise to assess independently. Building internal capability rather than perpetual external dependency was a deliberate strategic choice — one we supported from design through to delivery.

Outcomes

  • Five- and ten-year cyber security roadmaps authored and adopted at executive level, giving the council a strategic framework for sustained security improvement
  • International sporting event cyber security support delivered — event infrastructure assessed and appropriate controls in place for the elevated threat environment
  • Managed services contract exited cleanly — full knowledge transfer, no coverage gap, documented baseline handed over to the incoming arrangement
  • In-house cyber function recruited — roles defined, specifications authored, selection process supported, permanent internal capability established
  • Organisation substantially less dependent on external providers for its core security posture and decision-making

Services Used

Facing similar challenges?

Book a free Ignite Assessment — a 30-minute call with a senior security architect. You'll leave with a read of your current posture, the top risks we'd tackle first, and a clear view of how we can help.

Book Ignite Assessment