Local councils across the UK faced as many as 263 million cyber attacks in the first half of 2019, averaging around 800 cyber attacks every hour, Freedom of information (FOI) requests by insurance broking firm Gallagher have revealed.
Considering that this information is based on responses obtained from only 201 out of 405 local councils that were contacted, the actual count of cyber attacks launched against all local councils across the UK could be staggering.
According to Gallagher, the total number of cyber attacks targeting local councils could have been more than 500 million in the first half of this year. Even though the proportion of successful cyber attacks is very low, successful attacks cost local councils £430,000 on average which is ultimately borne by taxpayers.
Based on responses to its Freedom of information requests, Gallagher found that almost half of all local authorities had experienced an attempted cyber-attack on their IT systems since 2017 and 37% of them had experienced cyber-attacks in the first half of this year.
Local councils lacking cyber insurance policies are exposed to huge financial losses
While a particular cyber attack cost a local council over £2 million, there have been 17 successful cyber attacks on local councils since 2017 that have resulted in a loss of data or money. The fact that only 13% of councils hold a standalone cyber insurance policy, very few councils can recover their costs in the aftermath of a successful cyber attack.
"Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets. In many scenarios, the people responsible for purchasing cyber insurance products need decisions to be made at member, or management level. The cyber threat and the need for cover needs to be high on every local authority’s agenda," said Tim Devine, Managing Director of Public Sector & Education at Gallagher.
In February last year, a report from privacy group Big Brother Watch revealed that local councils across the UK suffered around 98 million cyber attacks between 2013 and 2018 that resulted in 376 cyber incidents in total.
Local councils found lacking in providing cyber security training to employees
The group found that while 114 councils had suffered at least one cyber incident between 2013 and 2018, 56 percent of affected councils did not report breaches suffered as a result of cyber attacks in order to avoid embarrassment and possible imposition of fines by the ICO.
Big Brother Watch also found that while 297, or 75 percent of all local councils, did not provide mandatory cyber security training to their employees, 62 councils did not provide any cyber security training at all.
"Local government networks are often seen as low hanging fruit by cyber criminals. Smaller government offices tend to lack the budgets necessary to build efficient information security programs, and the IT departments at these agencies are frequently understaffed with inexperienced workers," says Saryu Nayyar, CEO of Gurucul.
"The unrelenting cyberattacks that UK councils experienced in 2019 will not abate in 2020. Due to the IT staff limitations that these councils often deal with, they would be wise to invest in automated security analytics solutions that can identify and mitigate the cyberattacks that human personnel would never be able to keep up with."