Councils in the UK are dealing with thousands of attempted cyber-attacks every day, with a reported 2.3 million attacks being detected so far this year.
The statistics come from a Freedom of Information (FOI) request from insurance broking and risk management firm Gallagher, which was investigating the scale of cybercrime against UK councils. A hundred and sixty one local authorities shared information.
Based on the proportion of councils who shared data on cyberattacks, Gallagher claims the size of the problem is likely to be significantly greater. Scaling up these figures accordingly to reflect response rates, the true number of attacks across all councils is estimated to be more than 11 million in 2022.
While most cyberattacks are intercepted by IT security put in place by local authorities, the councils who shared data revealed that collectively they had paid out more than £10 million over the past five years due to cybercrime. This includes monies lost to hackers, legal costs and fines.
Phishing biggest cyber threat to councils
Phishing attacks are by far the biggest cyber threat to councils, with three-quarters (75 percent) stating that it was the most common type of attack that had been attempted against them.
Distributed denial-of-service (DDoS) attacks, which attempts to disrupt web traffic or services by overwhelming servers, were the second most common attempt type – ranking as the top threat this year for six percent of councils.
The increased prevalence of cybercrime has been exacerbated by increasing digitisation driven by the pandemic – affecting both the public and private sectors. In fact according Gallagher statistics, 15 percent of UK business owners say cybercrime is one of their biggest risks, specifically driven by the increased reliance on technology post-pandemic.
As a result of this growing risk, in the last 12 months around half of councils (52 percent) have needed to employ an external expert to give them advice on how to mitigate the risk of cyberattacks.
Nearly nine in 10 councils (85 percent) have increased their cybersecurity to help them cope with the volume and sophistication of attempted attacks, but despite these increased efforts to help guard against the growing threat. But currently only 23 percent of councils currently hold a cyber-insurance policy to protect against the potential consequences.
Have a plan in place
“Criminals unfortunately only know too well that cyber-attacks can cripple systems and with many councils increasingly servicing local people’s needs digitally, they simply cannot afford to experience downtime,” said Johnty Mongan, head of cyber risk management at Gallagher.
“It is positive to see that councils are recognising this threat, and looking to employ external experts to help prevent cyber-attacks – risk management and putting in the right security is absolutely key and external experts are best placed to advise what the most up to measures are.”
Tim Devine, managing director for government, housing, education & Public Sector at Gallagher added that it is important to have a plan in place should the worst happen.
“With so many attacks happening every day, it only takes one error to cause significant problems. The risk in terms of associated costs and reputational damage as a result of cyber threats means having specialist cyber insurance in place should be a key consideration but is by no means the only consideration for those wishing to mitigate the risks of an attack.”