Cyber attacks on councils are increasingly exploiting weaknesses in third-party suppliers, not just core IT systems.
As reliance on outsourced services grows, you’re being forced to rethink how you manage third-party risk and where cyber responsibility truly sits.
Join Croydon Council and Risk Ledger to explore how councils like yours are embedding cyber security into procurement and supplier management, moving beyond IT-only controls.
We’ll also discuss why collaboration between councils (sharing insight on suppliers, approaches, and lessons learned) is becoming essential to building collective resilience across the public sector supply chain.
Lastly, we’ll dive into CAF & A4 Principle in Practice — how councils are classifying suppliers under CAF, whether greater standardisation is needed, the growing challenge of continuous monitoring, and whether the scope is expanding beyond traditional IT suppliers.
Daniel Okonofua
Former Data Protection Officer, Stevenage Borough Council
Justin Kuruvilla
Chief Cyber Security Strategist, Risk Ledger
