21.02.18
Councils face 37 cyber-attacks a minute – but over half of breaches go unreported
UK councils have been hit by over 98 million cyber-attacks in the past five years, an investigation has revealed.
An investigation by campaign group Big Brother Watch found that the extent of cyber security threats faced by councils amounts to a whopping 37 cyber-attacks every minute.
Between 2013 and 2017, 29% of local authorities experienced at least one cyber security breach. There were 376 total breaches in security, and 25 councils experienced one or more incidents that resulted in the loss or breach of data – but half of these incidents went unreported.
The group claims to have uncovered an “overwhelming failure of councils to report losses and breaches of data.”
It also found that, despite human error being the main factor that makes a hack successful, three-quarters of local authorities do not provide mandatory cyber security training to staff, and 16% provide no cyber security training at all.
The campaign group argued that this raises concerns about the commitment and ability of councils to protect the sector against cyber-attacks, at a time when they are collecting more personal information about residents than ever before – which invariably makes them a growing target for attacks.
Jennifer Krueckeberg, lead researcher at Big Brother Watch, said: “With councils hit by over 19 million cyber-attacks every year, one would assume that they would be doing their utmost to protect citizens’ sensitive information.
“We are shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security.
“Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens.”
Responding to the report, an LGA spokesperson agreed that websites, regardless of the owner, are “constantly bombarded” by cyber-attacks each day.
“Very few of these attacks actually manage to breach the firewalls or scanning systems in place, and councils are working closely with the National Cyber Security Centre to make sure that their systems and processes are as robust and resilient as possible,” they continued.
“When it comes to data protection, local authorities take their responsibility to keep their residents’ data safe extremely seriously. Councils will undertake whatever measures are necessary to keep residents’ data safe and the LGA has been helping councils to adopt ‘secure by design’ approaches to new systems and services.”
Have you got a story to tell? Would you like to become a PSE columnist? If so, click here.