Gloucester City Council is still reeling from the cyber incident that hit it last December – i.e., IT systems have yet to be restored – and now the council is facing questions over its cyber insurance, or possibly lack thereof.
“It is ridiculous that the Conservative administration at the city council won’t disclose whether or not it had insurance to cover the cost of recovery from the cyberattack,” Gloucester News Centre and Gloucestershire Live reports quoted Councillor Jeremy Hilton as asserting. “Saying ‘yes’ or ‘no’ would not disclose anything confidential that would hamper the recovery from hacking of the council’s IT systems.
“We already know that £380,000 has been put aside for the cyber recovery, but this may not be nearly enough. If the council had insurance against such an event, then the final cost to the taxpayer would be considerably reduced. The non-answer from the city council is a clear indicator that it wishes to keep the public in the dark.”
Hilton went on to state: “One imagines, if they had insurance, they would have come back and proudly said ‘yes’. I suspect the true answer is ‘no’ and that the council did not have insurance.”
On the council’s website remains a cyber incident page outlining what’s currently being done in response to the breach, including working closely with the National Cyber Security Centre and the National Crime Agency. In its note, which makes no mention of insurance, the council laments that it is “unfortunately not possible” to provide a timeframe for when the issues will be resolved.
Meanwhile Councillor Terry Pullen, who declared that the taxpayer-funded council “cannot keep hiding behind a veil of secrecy,” was cited by local media as saying: “I have enquired if the council is insured against cyberattack and have not had a positive response. I can only conclude that the council is not insured.”