The partnership with Acumen Cyber has enabled Edinburgh Trams to modernise its cyber defences, improve visibility, and streamline internal reporting, laying the groundwork for a stronger, more proactive security posture.
Edinburgh Trams is the operator and maintainer of the capital city’s tram network on behalf of the City of Edinburgh Council. Although a relatively small organisation with around 300 employees, Edinburgh Trams plays a pivotal role in delivering safe, reliable, and socially inclusive transport for residents and visitors.
As a public transport operator in a dynamic urban environment, the organisation regularly navigates large scale events, complex scheduling demands, and critical safety requirements. With a lean internal IT team responsible for managing infrastructure, ticketing systems, and cyber security, resilience and efficiency are key.
Prior to engaging Acumen Cyber, Edinburgh Trams faced several challenges:
Limited Internal Resources
The internal IT function is run by a small team with wide-ranging responsibilities, making 24/7 cyber security coverage difficult to achieve in-house.
Disparate Legacy Systems
A range of ageing tools were due for renewal. These systems lacked modern capabilities for XDR, vulnerability management, and incident response.
Reactive Security Measures
The team previously relied on traditional practices like periodic penetration testing and vulnerability scans. There was a clear need to move towards a proactive, continuous monitoring approach.
Acumen Cyber provided a hybrid-managed cyber security solution, tailored to Edinburgh Trams’ needs:
MXDR Services with Threat Intelligence
To support Edinburgh Trams’ move from periodic testing to continuous protection, Acumen Cyber deployed a hybrid-managed MXDR solution underpinned by our UK-based 24/7 SOC. Modern endpoint detection and response (EDR) technology was rolled out to deliver real-time threat visibility, detection, and response. Providing immediate uplift for the small in-house team.
All events are monitored and correlated through a next-gen SIEM platform, ensuring threats are identified and investigated in context. Unlike traditional SOC models, our engineers take full ownership of incidents, ensuring continuity, accountability, and faster resolution without delays caused by escalations.
Throughout the process, Edinburgh Trams’ internal IT team has remained fully integrated. By retaining access to the platforms and working closely with our engineers, they have full oversight of activity and outcomes, enabling a transparent, collaborative approach to day-to-day security operations.
Vulnerability Management & Dark Web Monitoring
To reduce risk across a fragmented and aging technology estate, Acumen Cyber implemented continuous vulnerability scanning and dark web monitoring, providing Edinburgh Trams with greater visibility across their entire attack surface. These capabilities allowed the internal team to proactively detect, assess, and remediate security exposures before they could be exploited.
By consolidating multiple legacy systems into a single, expert-led service, we helped streamline operations and surface critical insights without adding to the internal team’s workload. Findings were contextualised and prioritised, with our engineers working alongside Edinburgh Trams to ensure timely remediation and clear accountability.
Dark web monitoring added an extra layer of defence by continuously scanning hidden forums and marketplaces for compromised credentials and sensitive data.
By identifying potential breaches early, the team was able to act swiftly reducing risk and strengthening overall resilience.
Together, these integrated services provided a real-time, unified view of Edinburgh Trams’ cyber risk landscape enabling more informed decision-making and a measurable uplift in threat readiness.
Virtual CISO (vCISO) Consultancy and Customisable Reporting and Metrics
As part of our strategic engagement, Acumen provided vCISO consultancy to support long-term cyber resilience. This included embedding security into governance and planning processes, aligning priorities to business risk, and shaping a roadmap for continuous improvement.
We worked closely with the internal team to design custom reporting outputs tailored to their operational cadence and board-level KPIs. These reports now form part of weekly management updates and executive packs, giving stakeholders clear, actionable insights and reinforcing cyber security as a business-wide priority.
Acumen Cyber’s CREST-accredited SOC in Glasgow ensured 24/7 incident response, boosting trust and confidence through seamless collaboration.
Personal, Proactive Engagement
From the outset, Acumen Cyber took a hands-on and tailored approach. During the RFP process, the team invested time to understand Edinburgh Trams’ specific requirements, producing a response that demonstrated genuine insight rather than relying on templated answers. This early commitment set the tone for a collaborative relationship built on transparency, responsiveness, and shared objectives.
Ownership-Driven Support Model
Acumen’s modern SOC model was a key differentiator. Unlike traditional tiered approaches, where tickets are passed between teams and often disappear into a queue, Acumen engineers take full ownership of incidents from start to finish. This end-to-end accountability ensures faster resolution, clearer communication, and a more seamless experience for internal teams.
For Edinburgh Trams, this was a decisive factor. The visibility and continuity built into Acumen’s support model removed the frustration of escalation loops and gave their small IT team the confidence that incidents would be handled thoroughly and efficiently.
Competitive Value and Flexibility
Designed to meet the needs of a mid-sized light rail operator, Acumen’s hybrid-managed service offered enterprise-grade protection while remaining cost-effective and adaptable. The internal team retained access to key tools such as SentinelOne and Tenable, ensuring visibility, control, and the opportunity to stay hands-on with day-to-day security. This balance of managed expertise and internal engagement created long-term value and strengthened in-house capability.
Doug Curry, IT Manager - Edinburgh Trams
The solution was deployed in line with a defined rollout schedule, coordinated around other high-impact projects within the business. Collaboration was smooth throughout, with regular updates and responsive support.
Acumen’s technical team, including the dedicated SOC client lead, worked directly with the internal IT lead at Edinburgh Trams to ensure seamless alignment with internal frameworks, reporting structures, and operational requirements.
The onboarding plan was clearly defined, well-documented, and executed to a high standard, following the scope agreed during the RFP process.
Early-stage services were rolled out smoothly, with consistent communication and no disconnect between expectations and delivery.
Although still early in the deployment, Edinburgh Trams has already seen tangible improvements across operational, strategic, and cultural areas of the business.
Richer Visibility
The introduction of enterprise-grade monitoring and threat detection has significantly enhanced visibility across Edinburgh Trams’ IT estate. Granular metrics now provide a clearer understanding of activity across the network, helping both the IT team and the board to see exactly what’s happening in real time. What was once unseen is now transparent, allowing for faster, more informed decision-making and a shift from reactive to proactive risk management.
Improved Reporting & Communication
Custom reporting outputs have streamlined internal communications, reducing the time spent preparing board reports and operational updates. Metrics are now embedded into weekly management meetings and executive packs, allowing cyber risks and progress to be communicated with clarity and confidence. What was once a technical black box is now a consistent and visible part of business-wide planning.
Empowered Teams & Collaborative Rollout
The hybrid approach has kept Edinburgh Trams’ internal IT team engaged and empowered throughout. With access to the tools and dashboards, staff have been able to take an active role in the rollout, gaining insight, ownership and confidence in the new systems. Far from a top-down deployment, the implementation has been collaborative, with Acumen engineers working closely alongside internal leads to align with daily operations and wider business priorities.
Strategic Foundations for Long-Term Resilience
Acumen’s solution has not only addressed immediate security gaps but also laid the groundwork for long-term planning. The visibility and structure now in place have helped shape a strategic three-year roadmap, which is being used to support budget approvals, prioritise investments and align board-level focus around evolving cyber resilience goals. For Edinburgh Trams, cyber security is no longer an afterthought. It is a recognised, funded pillar of the organisation’s forward strategy.
Time-Saving, Streamlined Operations
Automated and tailored reporting has significantly reduced the time the IT team spends preparing updates for management and the board. With metrics now embedded into weekly operational meetings and visualised clearly, communication has improved across departments and meetings run more efficiently. This has freed up time for the internal team to focus on other priorities, including training and forward planning.
Improved Awareness Across the Business
Staff across Edinburgh Trams are now more aware of the tools in place and the changes underway. The transition to platforms like SentinelOne and Tenable has prompted conversations around cyber security beyond the IT function, reinforcing the idea that security is a shared responsibility. Regular updates and visibility of activity have supported a cultural shift toward broader cyber awareness.
Collaborative, Empowering Delivery Model
Acumen’s hybrid model has allowed the internal IT team to remain actively involved in implementation and day-to-day operations. Rather than fully outsourcing, the team retains access to tools and dashboards, gaining hands-on experience while benefitting from expert guidance. This approach has not only reduced operational burden but also contributed to upskilling and internal capability building.
In just six months, Edinburgh Trams has elevated its security posture, modernised its tooling, and built the groundwork for a long-term cyber resilience strategy.
Doug Curry, IT Manager - Edinburgh Trams
By partnering with Acumen Cyber, Edinburgh Trams has taken a major step forward in building a modern, responsive, and transparent approach to cyber security. This partnership has not only delivered stronger visibility and incident readiness but also fostered a collaborative working relationship that continues to evolve.
The Acumen team has taken a hands-on, tailored approach throughout the engagement, aligning closely with Edinburgh Trams’ operational needs and long-term security goals. With enhanced monitoring, expert support, and a shared commitment to continuous improvement, Edinburgh Trams is well positioned to proactively manage cyber risks and strengthen its security posture into the future.
Stronger security. Clearer visibility. Trusted partnership.
