FOI analysis reveals cyber security across councils is disjointed and under-resourced.
London, UK, 23rd June 2021
Redscan, A Kroll Business, the award-winning provider of managed security services, specialising in Managed Detection and Response, Penetration Testing and Red Teaming, today issued its report, Disjointed and under-resourced: Cyber security across UK councils. The report is an analysis of Freedom of Information (FOI) responses from over 60% of councils in England, Scotland, Wales and Northern Ireland.*
The data suggests that in addition to experiencing disruption to services, councils are under-prepared for current and future security challenges. Key findings include:
- UK councils reported an estimated 700+ data breaches to the Information Commissioner’s Office (ICO) in 2020
- Ten councils had their operations disrupted due to a breach or ransomware
- One council reported 29 data breaches to the ICO in 2020
- Approximately four in ten councils spent no money on security training
- Just over half of all UK council employees received cyber security training in 2020, and 45% of councils employ no staff with recognised security qualifications
The crucial role councils play in ensuring access to vital services means they must process huge volumes of data and comply with strict regulatory requirements. However, in the last 12 months, there have been numerous reports of data breaches at UK local authorities.
The Redscan report demonstrates that attitudes to security vary considerably across UK councils. While some councils prioritise and invest in training, many others do not. Redscan estimates that, across the UK, councils spent approximately £1.5 million on training in 2020. However, approximately four in ten councils spent nothing during the same period.
Redscan CTO Mark Nicholls commented: “There is significant room for councils to improve their readiness to tackle current cyber risks, as well as those that will emerge in the future as cities become smarter and more connected.
“Every council has thousands of citizens depending on its services daily. Going offline due to a cyber-attack can deny people access to critical services. To minimise the impact of data breaches, it is important that councils are constantly prepared to prevent, detect and respond to attacks. While our findings show that councils are taking some steps to achieve this, approaches vary widely and, in many cases, are not enough.
“Our analysis reveals some pretty shocking failings, such as 29 data breaches reported to the ICO by one council in a single year. The fact that approximately half of all council employees across the UK did not receive security training in 2020 is also concerning,” Nicholls added.
*Notes for editors
Redscan submitted FOI requests to 398 borough, district, unitary and county councils on 8 January 2021 and received responses from 265 (63%) by 1 March 2021.
Read the full report here.
About Redscan, A Kroll Business
Redscan is an award-winning provider of managed security services, specialising in Managed Detection and Response, Penetration Testing and Red Teaming. As of March 2021, Redscan is now part of Kroll, the world’s premier provider of services and digital products related to governance, risk and transparency.
About Kroll
Kroll is the world’s premier provider of services and digital products related to governance, risk and transparency. We work with clients across diverse sectors in the areas of valuation, expert services, investigations, cyber security, corporate finance, restructuring, legal and business solutions, data analytics and regulatory compliance. Our firm has nearly 5,000 professionals in 30 countries and territories around the world. For more information, visit www.kroll.com.