Financial body launches tender for hybrid security operations centre
A finance-sector scheme is procuring a 24/7 hybrid security operations centre, reflecting rising demand for outsourced cyber defence under new regulation.
A finance-sector scheme is procuring a 24/7 hybrid security operations centre, reflecting rising demand for outsourced cyber defence under new regulation.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.
The Financial Services Compensation Scheme has gone to market for an outsourced hybrid Security Operations Centre, underlining how new cybersecurity regulation is driving public bodies towards 24/7 managed detection, incident response and threat intelligence services.
Published on 6th February 2026, the contract notice for a managed Security Operations Centre sets out a focused brief. The scheme is seeking an outsourced, hybrid SOC capable of delivering three core services: round-the-clock Managed Detection and Response (MDR), Digital Forensics and Incident Response, and Cyber Threat Intelligence. The chosen supplier will also have to integrate these capabilities with the organisation's existing systems, rather than imposing a standalone security stack.
This combination points to a mature view of security operations. MDR implies active threat detection and containment, not just forwarding alerts. Digital forensics and incident response mean the provider must be able to investigate incidents in detail and support technical recovery. Cyber threat intelligence adds a forward-looking dimension, with insight on emerging tactics feeding back into monitoring rules and incident playbooks.
The reference to a hybrid SOC suggests the scheme expects to retain some internal capability while turning to an external provider for 24/7 coverage and specialist analysis. Tight integration with existing systems will be essential to avoid blind spots between internal tools and outsourced monitoring, and to ensure that any response spans the organisation's full technology estate.
The timing of this procurement aligns with the growing impact of new cybersecurity regulation, including the NIS 2 Directive, on public-sector organisations. Those requirements are raising expectations around continuous monitoring, rapid incident handling and structured threat management. In that context, outsourcing security operations offers a way to meet tighter obligations without assembling a full in-house SOC team.
The Financial Services Compensation Scheme is far from alone in reassessing its operating model. On 12th January 2026, UK Shared Business Services issued a prior information notice for a hybrid managed 24/7 Security Operations Centre service to enhance security monitoring and incident response for its NEO environments, signalling a similar reliance on specialist providers. Later in January 2026, Transport for Greater Manchester began engaging the market through its Security Operations Centre procurement, seeking specialist suppliers for a managed SOC to strengthen its cyber-security capabilities.
Central government departments and regulators are also revisiting coverage. In December 2025, the Department for Environment, Food and Rural Affairs set out plans to reprocure an out-of-hours protective monitoring SOC service to complement its internal operations, extending monitoring beyond standard business hours. That same month, the Health Products Regulatory Authority published a notice for managed IT security services covering 24x7 managed extended detection and response and managed detection and response, using Microsoft security products alongside managed services for edge IT security systems.
Regulatory pressure is not confined to national bodies. Housing providers and charities are responding too. In December 2025, Paragon Asra Housing Limited sought a provider to deliver a 24/7 Security Operations Centre and managed detection and response service for continuous monitoring and remediation of security threats. On 12th January 2026, the Rehab Group went to market for managed cybersecurity services centred on a fully managed Security Operations Centre and cyber defence capabilities, with 24/7 monitoring and compliance with relevant regulations at their core.
Similar moves are apparent across Europe. In October 2025, Région Grand Est launched a framework agreement to support its digital directorate in enhancing and maintaining an outsourced Security Operations Center, built around a managed endpoint detection and response or endpoint protection solution and centralised log collection. In November 2025, the European Investment Bank published an IT security managed services notice aimed at establishing an off-site SOC for continuous security monitoring and incident response across the EIB Group's infrastructure.
Financial institutions and critical infrastructure operators are taking a comparable path. On 16th December 2025, the Investment Bank of the State of Brandenburg sought services for a managed Security Operations Center based on an existing technical platform, including options for threat hunting and purple teaming and requiring compatibility with its XDR and SIEM systems. On 2nd February 2026, Berlin Water Utilities described plans for a hybrid Security Operations Center supported by external expertise and modern technologies to provide comprehensive monitoring, incident response and open-source intelligence analysis.
Law enforcement and local authorities are reinforcing their defences as well. In November 2025, Kantonspolizei Bern issued a contract notice to enhance its Security Operations Center by replacing and expanding services related to endpoint detection and response, incident response, vulnerability management and SIEM, while integrating new solutions and support from external partners. In October 2025, Midlothian Council procured a combined Security Operations Centre and Cyber Incident Response service to bolster cyber resilience and protect its digital infrastructure.
Across these procurements, a clear set of expectations is emerging for managed security providers. Buyers are looking for partners who can:
For security suppliers, these notices describe a market that prizes integration, flexibility and demonstrable incident-handling capability as much as tooling. The Financial Services Compensation Scheme's demand for a hybrid SOC that fits around existing systems mirrors the approaches taken by UK Shared Business Services, Defra and Berlin Water Utilities, where external providers are expected to plug into established environments and complement, rather than displace, internal teams.
For public bodies, managed SOC contracts redistribute how risk and responsibility are shared with third parties. They can help organisations satisfy new regulatory expectations, including those associated with the NIS 2 Directive, by setting out how threats are monitored and incidents handled on a 24/7 basis. But they also lock in long-term relationships with specialist providers, making early decisions on scope, interfaces and exit arrangements an important part of the procurement.
The concentration of SOC and managed security procurements between September 2025 and February 2026 suggests many organisations are updating their arrangements in parallel. Taken together, these notices highlight hybrid SOCs – combining internal oversight with outsourced 24/7 capability – as the prevailing model, from the Financial Services Compensation Scheme's current tender to Berlin Water Utilities' plans and beyond. How that balance evolves as regulation beds in, and as early contracts come up for renewal, will be a key trend for both buyers and suppliers to watch.
Follow Tenderlake on LinkedIn for concise insights on public-sector tenders and emerging procurement signals.