Councils need more funding to protect against big rise in cyber attacks

More funding is needed by councils to ensure their computer systems, infrastructure and the personal data they collect and manage remains protected from crippling cyber attacks which have risen by 52 per cent against UK businesses, the Local Government Association (LGA) urged today.


With councils making more local public services available digitally, getting more of their workforce online and planning greater collaboration and integration work with partner organisations – which requires the sharing of residents’ and business customers’ data – reviewing and reinforcing current cyber security arrangements is a key priority for local authorities.

With cyber attacks predicted to continue increasing in both frequency and capability, the LGA is leading on a bid to government for funding for councils and local partner organisations to increase their collective capacity to respond to increasingly hostile cyber attacks.

As part of its Budget submission, the LGA, which represents more than 370 councils in England and Wales, is urging the Chancellor to support the bid to ensure local government has the skills, resources and necessary arrangements in place to work more effectively with local partner organisations so information relating to patients, residents and pupils can continue to be shared securely and efficiently.

Latest industry figures show that UK businesses were subjected to nearly 65,000 cyber attacks – more than 700 every day – each in the three months of April to June 2017, a rise of 52 per cent on the first quarter of 2017.

Councils have robust cyber security measures to safeguard personal data from criminal hackers, including firewalls and scanning services. They carry out cyber resilience exercises and penetration tests on their computer systems, and have introduced training for staff.

However, with more planned joined-up services leading to increased sharing of information and with malware attacks becoming more frequent and sophisticated, the LGA says more funding is needed to ensure local authorities do not expose themselves inadvertently to any cyber threat.

Cllr Paul Bettison, Chairman of the LGA’s Improvement and Innovation Board, said:

“Protecting personal data successfully from computer hackers looking to exploit private information for criminal purposes in an increasingly digitised world is a top priority for councils.

“However, as local authorities work even more with partners on national initiatives - such as the integration of health and social care, children’s services and welfare reform programmes - councils need to share more sensitive and personal information with organisations including hospitals, GPs, care homes, schools, academies, police and probationary services.

“For this reason councils need to ensure confidential information is protected as securely as possible from the rising number of cyber attacks which can bring businesses to their knees, by putting their IT services out of action for days and compromising personal data.

“Some hackers hold their victims to ransom by demanding an extortionate fee is paid to restore IT systems back to normal, even though there is no guarantee this will happen.

“Councils have invested in a range of measures to protect their systems and data, which are tested robustly for cyber resilience, but face an urgent need to prepare themselves to better deal with potential incidents of more frequent and powerful malware.

“The LGA agrees with the Government’s vision of the UK in 2021 as secure and resilient to cyber threats, prosperous and confident in the digital world, as set out in its National Cyber Security Strategy.

“Investing in cyber security must be seen as an economic opportunity and we urge government to allocate funding to councils to build capacity to respond to the growing threat of cyber attacks and ensure the safeguarding of personal data is as strong as possible.”

Notes to editors

  • The LGA is leading on a bid to the Cabinet Office for funding for councils to build the sector’s incident management capabilities to respond to cyber attacks. This will require new funding to develop the skills and capacity of councils, and the agencies leading on responses, including the Local Resilience Forums and the Warning Advice and Reporting Points, as well as have the resources and necessary arrangements in place to work more effectively with local partner organisations, for example, when Wannacry affected NHS Trusts, some asked for IT security support from their local councils.

The LGA is calling on the Budget to support the funding bid and for government to work with us, through the Cabinet Office, the National Cyber Security Centre and DCLG to deliver this important support to councils and local partners, increasing our collective capacity to respond to future cyber attacks. The bid can be read in our Autumn Budget submission, here.

  • Councils have invested in a range of measures to protect their systems and the data they hold, including: implementing firewalls and scanning services; applying government’s cyber security guidance; introducing training for their workforce and elected members; carrying out health checks, penetration tests and cyber resilience exercises to test their systems and processes; work with public sector partners through Warning Advice and Reporting Points and Local Resilience Forums to protect their systems from, and put in place plans to respond to, cyber attacks.
  • According to a report by internet service provider Beaming, cyber attacks on UK businesses have increased by 52 per cent in the second quarter of 2017, compared to the previous quarter.
  • Three-quarters of council departments have experienced a cyber attack in the past year, according to a report by Malwarebytes.
  • Ransomware is a cyber attack that involves hackers taking control of a computer system and blocking access to it until a ransom is paid. Cyber criminals generally gain access to a computer system by getting a victim to click on a malicious link or download it onto a device within the network by mistake. The hacker can then lock all files, which is often a gradual process with files being encrypted one after another.
  • In May 2017 global ransomware attack Wannacry affected more than 200,000 organisations in 150 countries, including the UK, where it hit 47 NHS trusts, leading to operations being cancelled and patients turned away from A&E.