Nearly half (49%) of the UK’s local councils have been targeted by a cyber attack since the start of 2017.
That’s according to research from insurance broker Gallagher, which says councils where hit by more than 263 million cyber-attacks in the first half of 2019, averaging 800 attacks per hour.
The average successful cyber-attack on a council results in costs of £430,000, a bill ultimately paid by taxpayers.
Furthermore, just 13% of councils hold a standalone cyber insurance policy meaning that the vast majority of UK authorities are underprepared for the financial deficit caused by a cyberattack, which could set them back millions of pounds.
Freedom of information (FOI) requests by Gallagher found that out of the 203 councils that responded, 101 had experienced an attempted cyber-attack on their IT systems since 2017. More than a third (37%) of these local authorities had experienced cyber-attacks in the first half of this year.
The councils admitted to experiencing 263 million attacks in the first six months of 2019, equating to almost 800 attacks every hour. A further 204 councils either declined the information request over security concerns, or failed to respond, suggesting the true number of attacks across all councils could be more than double this and exceed 500 million in the first half of this yeariv .
Since the beginning of 2017, 17 attacks were reported to have resulted in a loss of data or money. The financial impact of such attacks can be extensive, with one council reporting a loss of over £2 million.
Gallagher says councils could represent prime targets for cyber-attacks due to their holding significant amounts of personal data, warning that the threat of a big fine from the Information Commissioner’s Office (ICO) is also potentially looming.
Tim Devine, Managing Director of Public Sector & Education at Gallagher, said: “Our research illustrates the scale of the challenge facing local authorities in the UK. Councils are facing an unprecedented number of cyber-attacks on daily basis. While the majority of these are fended off, it only takes one to get through to cause a significant financial deficit, a cost which the tax payer will ultimately foot. Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets. In many scenarios, the people responsible for purchasing cyber insurance products need decisions to be made at member, or management level. The cyber threat and the need for cover needs to be high on every local authority’s agenda.”