If you think the financial services industry has it bad with the number of data breaches the sector has faced in recent months, just look to the local authorities in the UK, which are experiencing an unprecedented number of cyberattacks.
According to Gallagher, 49% of councils reported being targeted by cyberattacks since the beginning of 2017. Freedom of information requests filed by the global broker revealed that from the 203 councils that responded, 101 had been the victims of attempted cyberattacks on their IT systems.
Moreover, 37% of local authorities had already been subjected to a cyberattack in the first half 2019. Altogether, the councils experienced 263 million attacks in the first six months of this year, which comes out to almost 800 attacks every hour. These numbers are likely even higher as 204 councils declined the information request over security concerns or failed to respond, reported Gallagher, suggesting that the final tally of attacks could top 500 million in the first half of 2019.
These attacks can lead to devastating financial consequences, with one council reporting a loss of more than £2 million. The threat of regulatory fines for data breaches also looms over the UK after the GDPR came into effect last year. With the large amounts of personal data they hold, councils make for prime targets of cyber hackers and, in turn, the threat of a significant fine from the Information Commissioner hangs over their heads.
Many local authorities are exposed even further because they don’t have adequate insurance. In fact, just 13% of local councils have a cyber insurance policy in place that protects them from financial loss or loss of data. From those that have been hit with a cyberattack before, just one currently holds a cyber policy.
“Our research illustrates the scale of the challenge facing local authorities in the UK. Councils are facing an unprecedented number of cyberattacks on daily basis,” said Tim Devine, managing director of public sector and education at Gallagher. “While the majority of these are fended off, it only takes one to get through to cause a significant financial deficit, a cost which the taxpayer will ultimately foot. Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets.
“In many scenarios, the people responsible for purchasing cyber insurance products need decisions to be made at member, or management level. The cyber threat and the need for cover needs to be high on every local authority’s agenda.”