Majority of UK councils say their cybersecurity is outdated

Six in ten senior leaders at UK councils say their approach to cybersecurity is “outdated”, according to new research from software provider TechnologyOne.

The company surveyed more than 500 senior managers at local authorities across the UK. When asked what digital investments they are prioritising, only a quarter ranked cybersecurity in their top three, despite over half stating they could not afford the cost of a data breach.

Major priorities included finding technology partners, automating repetitive tasks, replacing legacy systems, and boosting digital skills.

A quarter of councils (26 percent) said they have made ‘no progress’ on upgrading cybersecurity.

TechnologyOne warned that councils are increasingly vulnerable to cyber-attacks and data breaches.

Leo Hanna, Executive Vice President at TechnologyOne in the UK, said: “Systems held together by gaffer tape and chewing gum still deliver mission-critical services at local authorities across the country but they need to be urgently overhauled if they are to remain secure.”

The company is calling for more financial support from the government to help councils modernise their core IT systems.

Growing risk

A survey of 2,000 UK citizens was also conducted: 79 percent said they believe the online experience with their council to be secure, but 38 percent of councils said the opposite.

According to research from insurance broking and risk management firm Gallagher, UK councils were hit by 10,000 cyber attacks every day in August 2022, a 14 percent rise from the previous year. Figures from the Information Commissioner’s Office show that local authorities reported 203 data breaches between April and June in the first quarter of the 2022/23 financial year, up from 155 in the three months prior.

The government pledged almost £86 million (US$108 million) to invest in local authority cyber-resilience from 2021 to 2025, and in January 2022 launched the first cybersecurity strategy aimed specifically at protecting the public sector.

However, with the funding stretched thinly across councils and likely to run out soon, TechnologyOne has called for continued financial support from the government.

Hanna said: “As we have seen over the last few years, cyber-attacks on councils are costly for taxpayers and pose a threat to democracy. This is why we are calling on the government to provide funding to help local authorities invest in modern IT systems that act as a first line of defence against cyber criminals.”

Several local governments have faced serious cyber-attacks in recent years. In 2020, both Redcar and Cleveland Council and Hackney Council were hit by ransomware attacks, costing around £10 million and £12 million respectively. The cost of an attack on Gloucester City Council in December 2021 so far stands at £845,000.