A newly published report by Redscan, A Kroll Business, highlights a disparate and fragmented approach to cyber security among local authorities in the UK.
The report, Disjointed and under-resourced: Cyber security across UK councils, is based on analysis of Freedom of Information (FOI) data supplied by more than 60% of borough, district, unitary and county councils.
Key findings include:
- UK councils reported an estimated 700+ data breaches to the Information Commissioner’s Office (ICO) in 2020
- Ten councils had their operations disrupted as a result of breaches or ransomware
- One council reported 29 data breaches to the ICO in 2020
- Approximately four in ten councils spent no money on security training
- Just half of all UK council employees received cyber security training in 2020
- 45% of councils employ no staff with recognised security qualifications
The crucial role of councils in providing access to vital services means they must process huge volumes of data and comply with strict regulatory requirements. However, in the last 12 months, there have been numerous reports of data breaches at UK local authorities. These include high-profile incidents suffered by Hackney as well as Redcar & Cleveland Borough Councils.
The National Cyber Security Centre (NCSC) recently warned that the cyber security challenges faced by councils are likely to grow due to urban centres becoming increasingly connected.
Redscan’s report provides a snapshot of the state of cyber security across local authorities, suggesting that more must be done to minimise the risk of future incidents and disruption to services.
“There is significant room for councils to improve their readiness to tackle current cyber risks as well as those that will emerge in the future as cities become smarter and more interconnected,” said Redscan CTO Mark Nicholls.
“Every council has thousands of citizens depending on its services daily. If they go offline due to a cyberattack, this can deny people access to critical services. To minimise the impact of data breaches, it is important that councils are constantly prepared to prevent, detect and respond to attacks. While our findings show that councils are taking some steps to achieve this, approaches vary widely and in many cases are not enough.
“Our analysis reveals some pretty shocking failings, such as 29 data breaches reported by one council to the ICO in a single year. The fact that approximately half of all council employees across the UK didn’t receive security training in 2020 is also concerning.”
About Redscan, A Kroll Business
Redscan is an award-winning provider of managed security services, specialising in Managed Detection and Response, Penetration Testing and Red Teaming. As of March 2021, Redscan is now part of Kroll, the world’s premier provider of services and digital products related to governance, risk and transparency.
Redscan works with organisations operating in a wide range of industry sectors. In the public sector, Redscan helps organisations to comply with the GDPR and NIS Regulations, as well as the Public Services Network Code of Connection (CoCo).