Councils across the UK are facing unprecedented numbers of cyber-attacks, with nearly half (49%) of local councils being targeted since the start of 2017, according to Gallagher one of the world’s largest insurance broking, risk management and consulting services companies.
Freedom of information (FOI) requests by Gallagher found that out of the 203 councils that responded, 101 had experienced an attempted cyber-attack on their IT systems since 2017. More than a third (37%) of these local authorities had experienced cyber-attacks in the first half of this year.
The councils admitted to experiencing 263m attacks in the first six months of 2019, equating to almost 800 attacks every hour. A further 204 councils either declined the information request over security concerns, or failed to respond, suggesting the true number of attacks across all councils could be more than double this and exceed 500 million in the first half of this year.
Since the beginning of 2017, 17 attacks were reported to have resulted in a loss of data or money. The financial impact of such attacks can be extensive, with one council reporting a loss of over £2m.
The threat of heavy regulatory fines for data breaches has risen since the implementation of GDPR. Councils could represent prime targets for cyber-attacks due to their holding significant amounts of personal data, Gallagher warns that the threat of a big fine from the Information Commissioner’s Office (ICO) is also potentially looming.
Local authorities remain fundamentally exposed when it comes to adequate insurance cover. From the research undertaken, only 34 councils currently hold a cyber-insurance policy – equivalent to just 13% of councils – that protects them from a financial loss or loss of data. Looking specifically at councils that have been hit by a successful attack previously, just one even now holds a cyber-specific policy.
Tim Devine, Managing Director of Public Sector & Education at Gallagher, said: “Our research illustrates the scale of the challenge facing local authorities in the UK. Councils are facing an unprecedented number of cyber-attacks on daily basis.
“While the majority of these are fended off, it only takes one to get through to cause a significant financial deficit, a cost which the tax payer will ultimately foot. Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets. In many scenarios, the people responsible for purchasing cyber insurance products need decisions to be made at member, or management level. The cyber threat and the need for cover needs to be high on every local authority’s agenda.”