Councils across the UK are facing unprecedented numbers of cyberattacks, with nearly half (49%) of local councils being targeted since the start of 2017, according to Gallagher – one of the world’s largest insurance brokers, risk management and consulting services companies.
Freedom of information (FOI) requests by Gallagher found that out of the 203 councils that responded, 101 had experienced an attempted cyberattack on their IT systems since 2017. More than a third (37%) of these local authorities had experienced cyberattacks in the first half of this year.
The councils admitted to experiencing 263 million attacks in the first six months of 2019, equating to almost 800 attacks every hour. A further 204 councils either declined the information request over security concerns, or failed to respond, suggesting the true number of attacks across all councils could be more than double this and exceed 500 million in the first half of this year.
Since the beginning of 2017, 17 attacks were reported to have resulted in a loss of data or money. The financial impact of such attacks can be extensive, with one council reporting a loss of over £2 million.
The threat of heavy regulatory fines for data breaches has risen since the implementation of GDPR. Councils could represent prime targets for cyberattacks due to their holding significant amounts of personal data, Gallagher warns that the threat of a big fine from the Information Commissioner’s Office (ICO) is also potentially looming.
Local authorities remain fundamentally exposed when it comes to adequate insurance cover. From the research undertaken, only 34 councils currently hold a cyberinsurance policy – equivalent to just 13% of councils – that protects them from a financial loss or loss of data. Looking specifically at councils that have been hit by a successful attack previously, just one even now holds a cyber-specific policy.
Commenting on the epidemic of cyber incidents, Tim Devine, Managing Director of Public Sector and Education at Gallagher, said: “Our research illustrates the scale of the challenge facing local authorities in the UK. Councils are facing an unprecedented number of cyberattacks on a daily basis. While the majority of these are fended off, it only takes one to get through to cause a significant financial deficit, a cost which the taxpayer will ultimately foot. Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets. In many scenarios, the people responsible for purchasing cyberinsurance products need decisions to be made at member, or management level. The cyberthreat and the need for cover needs to be high on every local authority’s agenda.”