Our story

Team Cymru (pronounced \ˈkəm-ˌrē\) was formed in 1998 to learn the "who and why" of malicious Internet activity. This focus on attribution resulted in the uncovering of the "what, when, where, and how" of online malevolence.

Incorporating in 2004 and opening our doors for business in 2005, we have over a decade of experience and expertise at providing unparalleled threat intelligence and insight for security vendors, network defenders, incident response teams, and analysts.

From the beginning, we believed in doing things differently. Team Cymru focused on obtaining unique access and partnerships that served as the foundation for our mining and refining capabilities. Due to our distinct positioning, our clients are able to perform in-depth and broad-based analysis based on our incomparable data.

We are incredibly proud of the achievements of our partners, and that our unique and broad data has underpinned those successes. Reach out to us today so that together we can begin to propel your mission and capability further than ever thought possible!

Interested in joining our team?

GDPR Statement

General Data Protection Regulation (GDPR) came into effect on 25th May 2018 with the objective of standardizing data protection law framework across the EU. GDPR imposes obligations on companies that control or process personal data of European Union Residents. Team Cymru is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for GDPR.

At Team Cymru, we understand the importance of your personal data, and we take steps to secure and protect it whenever it is stored in our infrastructure. We do not collect or process personal data on behalf of the individuals and we don’t have access to any personal data in our customer’s systems. As a data processor, we have instituted a robust information security program (backed up by legal contracts) to create a service that our customers can trust.

Team Cymru currently complies with applicable data protection regulations and is committed to GDPR compliance across its relevant services.

Team Cymru has reviewed where and how our relevant services collect, use, store and dispose of personal data and has updated policies, standards, governance and documentation where needed. Team Cymru is dedicated to keeping such due diligence current and carrying out re-assessments periodically and/or as required by changed circumstances.

Compliance with the GDPR requires a shared responsibility between Team Cymru and our partners and customers to safeguard and protect personal data. In this context, Team Cymru primarily will act as a data processor and our partners and customers generally will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our partners and customers meet their GDPR obligations. In the meantime, Team Cymru encourages partners and customers to independently familiarize themselves with the GDPR.

As a data processor, Team Cymru is committed to maintaining the privacy and confidentiality of the personal data entrusted to us. Standard security controls are in place to protect personal data and the physical locations in which it is hosted which include firewalls, two-factor authentication, logging and monitoring, 24x7 physical security and a dedicated internal security professional.

Our North American co-location facilities utilize access controls mechanisms, which establish physical and logical access controls to the facilities and the infrastructure hosting the services. All physical and logical access is logged and analyzed for inappropriate access. Physical security controls for the facilities hosting the services include 24x7 on-site security and local and remote security and environmental monitoring. Logical access authentication for Team Cymru personnel is performed using two-factor authentication and is granted based on the employee’s role.

A highly trained security professional is responsible for documenting and reviewing security controls to ensure that these controls remain effective and in-place and is actively monitoring our systems.