As local authorities place greater reliance on digital services, it’s important they review and invest in their cybersecurity arrangements to manage the risk of potentially disruptive cyber incidents.

Author: Andy Cotter


Cyber-attacks are on the rise, but despite this growing risk, less than a quarter (23%) of UK businesses have a formal cybersecurity strategy in place.1

For any organisation, a cyber incident can be extremely damaging—potentially leading to the loss of data, financial penalties and other costs, as well as reputational damage. One of the biggest impacts on an organisation in the event of a cyber-attack or data breach is business interruption, and for councils this can mean disruption to the running of council services.

Government networks are an attractive target to cybercriminals, particularly as the uptake in online services means their crimes can now be carried out on a much larger scale. Attackers will often seek to control computer infrastructure and use it as a platform for carrying out other activity, such as sending spam and phishing emails. They also launch ransomware attacks, locking victims out of their data and demanding a ransom to restore access.

Building cyber resilience across your organisation means making informed decisions. To do this, it is important to understand what your cyber vulnerabilities are, and what is required to deal with these vulnerabilities and strengthen your defences.

Here are some key questions to consider before, during, and after a cyber-attack.

Before—strengthening your defences

  • How does your council currently understand and manage cyber risk? What are your existing cybersecurity capabilities?
  • To what extent can you ensure these resources are deployed where they are most needed?
  • How does the council use the National Cyber Security Centre’s tools and services? Do your technical staff follow the 10 Steps to Cyber Security?
  • How informed are your council’s decision-makers when it comes to making decisions about cyber risk?
  • Are your employees given training on reducing cyber risk? How do officers back up council data, and how regularly is this tested?
  • How aware are your employees about actual threats, attacks and near misses? Do they receive cybersecurity updates?
  • What is your approach to managing cyber security risk within the supply chain?

During—response capabilities

  • Do you have a tried and tested recovery and continuity plan for cyber incidents that can be immediately activated in the event of an attack or data breach?
  • How would you deliver services if there was no access to IT during, or immediately after, a cyber-attack?
  • Do you have an external risk management partner who can assist you with your recovery operations and help you limit disruption and damage?

After—actions and learning opportunities

  • In the first instance, a data breach should be reported to the Information Commissioner’s Office (ICO) within 72 hours of detection.
  • If personal data was lost due to a breach, do you have a communication plan in place to notify the affected individuals? This should be done promptly so they can take the necessary safeguarding steps.
  • Are you able to detect what the gaps are between your risks and capabilities? Where does investment need to be targeted?
  • How will you sustain and build on your existing capabilities as the threat landscape evolves?
  • What can you learn from the incident that you can share with other councils and organisations to help them manage their risk?

While it is not currently possible to prevent all cyber-attacks, all the time, having a robust cyber incident management plan can be vital for public sector organisations. Even if disruption to services is minimal, if you are found to have failed in your responsibilities to secure personal data, you could be investigated by the Information Commissioner, and fined if found negligent.

How Gallagher can help

Our specialist team at Gallagher can help you manage your cyber risk exposures, strengthen your defences, and support you in obtaining the appropriate cyber insurance for your organisation in today’s challenging cyber insurance market. We can also offer support in the event of a cyber incident, including the recommendation of breach response vendors such as law firms and IT forensic consultants.

Please contact us if you would like to know more.

Author Information