Cyber-attacks are on the rise in councils.

Cyber-attacks, particularly ransomware attacks, can significantly impact councils and small to medium sized organisations. A recent Freedom of Information (FOI) request from Gallagher investigated the scale of cyber-attacks on UK councils, with 160 local councils sharing data on cyber-attacks, showing that more than 2.2 million attempted cyber-attacks up to August 2022*.

Types of cyber-attack

Phishing attacks are the biggest cyber threat to councils, with 75% of respondents to the study stating that it was the most common attempt against them. Malware is another major form of cyber-attack and can take place using malicious software, viruses, botnets, and ransomware to breach organisations’ servers.

Cyber-attackers can take a number of forms: members of organised crime looking to commit major data breaches, ‘hacktivists’ and individuals breaking into systems for political or socially-motivated reasons or insiders stealing sensitive data or sabotaging an organisation for personal gain.

The impact of cyber-crime can be far-reaching and costly for a council. The councils that participated in the Gallagher study shared that over £10 million had been paid out in lost monies to hackers, legal costs and fines. It is vital that councils have the right policies and programs in place to protect them from cyber-crime.

How can councils protect their organisation?

A council can take several steps to help protect and insure its organisation against future attempted cyber-attacks. A multi-layered approach to protection is key. Implementing cyber awareness and training programs, multi-factor authentication, ensuring anti-virus software is up to date and having data backed up regularly can all help to protect an organisation from cyber-criminal activity.

Cyber-attacks pose a significant risk to small and medium sized organisations and many insurers will insist on seeing what cyber risk controls and risk reduction policies are in place to avoid cyber-attacks before providing a quote or issuing a policy.

The Cyber Risk specialist team at Gallagher are well-placed to provide support and advice to help make sure your council has appropriate protections and controls in place. Gallagher Cyber Assist Lite can help you understand your data/cyber risks, the effectiveness of the existing controls and identify changes you may need to make to improve your organisation’s resilience to cyber-attack.


*Based on Freedom of Information requests sent to 426 councils across the UK on 20 June 2022. Of these, 243 responded before 15 August 2022, with 83 councils refusing to share the data, either due to exemptions or it not being held, meaning 160 councils shared at least some of the data requested. 2,274,188 attempted cyber-attacks in 2022 were reported by UK councils. 88 councils responded with data as a result of this section of the Freedom of Information request.