Councils across the UK are facing an unprecedented number of cyber attacks, with one third of local authorities targeted in the first six months of 2019 alone, according to re/insurance broker Gallagher.
Of the 202 councils that responded to freedom of information (FOI) requests from Gallagher, 101 also said they had experienced a cyber attack on their IT systems since 2017.
The councils admitted to experiencing 263 million attacks during the first half of 2019, equating to almost 800 attacks every hour.
A further 204 councils either declined the information request over security concerns, or failed to respond, leading Gallagher to speculate that the true number of attacks across all councils could be more than double the reported figure, exceeding 500 million in the first half of this year.
Since the beginning of 2017, just 17 attacks were reported as having resulted in a loss of data or money, although in some instances losses have totalled over £2 million.
Gallagher also warned that the threat of large fines from the Information Commissioner’s Office (ICO) is looming following the implementation of GDPR laws.
The broker’s research showed that only 13% of councils hold a cyber insurance policy that protects them from a financial loss or loss of data.
Looking specifically at councils that have been hit by a successful attack previously, just one even now holds a cyber-specific policy, Gallagher added.
“Our research illustrates the scale of the challenge facing local authorities in the UK,” said Tim Devine, Managing Director of Public Sector & Education at Gallagher.
“Councils are facing an unprecedented number of cyber-attacks on daily basis. While the majority of these are fended off, it only takes one to get through to cause a significant financial deficit, a cost which the tax payer will ultimately foot,” he explained.
“Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets. In many scenarios, the people responsible for purchasing cyber insurance products need decisions to be made at member, or management level. The cyber threat and the need for cover needs to be high on every local authority’s agenda.”