About The Organisation
Bedfordshire, Cambridgeshire & Hertfordshire Constabulary (BCH) is a collaborative policing alliance serving communities across three counties. The Constabularies are responsible for protecting sensitive operational data, intelligence systems, and critical digital services that directly support frontline policing and public safety. Operating in an increasingly hostile cyber threat landscape, BCH understands that Cyber Security is fundamental to maintaining operational resilience, protecting public trust, and ensuring continuity of policing services. With established security controls already in place, BCH sought to gain deeper assurance that its detection and response capabilities would perform effectively against the types of real‑world threats currently facing UK law enforcement.
The Business Challenge
BCH required confidence that its existing security technologies, processes, and teams could detect and respond to realistic cyber attacks targeting UK policing organisations. While traditional testing provided valuable assurance, it did not fully reflect how BCH would perform against modern adversary behaviour. The Constabularies needed to understand how effectively their Security Operations Centre (SOC) and ICT teams could identify, investigate, and respond to live attack activity aligned to current criminal threat actors. Key challenges included:
Validating detection and response capabilities against realistic attacker techniques. Understanding how effectively indicators of compromise were identified and escalated. Testing collaboration between SOC and ICT teams during security incidents. Identifying gaps in incident response playbooks and operational workflows. Strengthening shared understanding of security responsibilities across teams.
The Solution
CyberLab was engaged to deliver an intelligence‑led Purple Team exercise designed to assess BCH’s detection and response capabilities across people, process, and technology. Attack scenarios were developed using current threat intelligence aligned to a criminal group active in the UK during 2025. The group’s known Tactics, Techniques and Procedures (TTPs) were emulated to reflect realistic attack paths BCH could face, enabling a meaningful assessment of how existing security controls and teams performed under real‑world conditions. The engagement was delivered in close collaboration with BCH’s SOC and ICT teams, ensuring findings were contextual, actionable, and directly relevant to day‑to‑day operations.
A Purple Team exercise brings together offensive and defensive security capabilities to improve an organisation’s ability to detect and respond to cyber-attacks.
Red Teaming activity focuses on simulating attacker behaviour to test whether an organisation can be compromised. Purple Teaming goes a step further by actively collaborating with defensive teams during the exercise. Rather than simply identifying weaknesses, Purple Teaming helps organisations understand how attacks are detected, how alerts are handled, and how response processes function in practice. For BCH, this collaborative approach ensured that insights were shared in real time, enabling teams to learn, adapt, and improve throughout the engagement rather than only at the end.
The Outcome
The engagement provided BCH with a clear, evidence‑based understanding of how effectively its security capabilities performed against realistic threats. Key outcomes included:
Improved visibility into detection effectiveness across existing security controls. Identification of gaps within monitoring, alerting, and response processes. Stronger collaboration between SOC and ICT teams during incident scenarios. Clear insight into where playbooks and escalation processes could be improved. Increased understanding of shared responsibility for Cyber Security across teams. By focusing on real attacker behaviour and collaborative testing, the taskforce gained practical insights that could be directly applied to strengthen operational readiness.
Conclusion
Through its engagement with CyberLab, BCH gained meaningful assurance over its ability to detect and respond to real‑world cyber threats targeting UK law enforcement. The intelligence‑led, collaborative nature of the exercise allowed BCH to move beyond traditional assurance and focus on genuine operational resilience. The findings enabled teams to refine detection capabilities, strengthen incident response processes, and reinforce a shared approach to Cyber Security across the Constabularies. CyberLab continues to support public sector organisations by delivering realistic, threat‑informed security testing that helps translate adversary behaviour into clear, actionable improvement, protecting the systems and data that underpin critical public services.
Speak With an Expert
Enter your details and one of our experts will be in touch.
Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.
Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.
We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.
