Last week the latest report from the Department for Digital, Culture, Media & Sport (DCMS) found that half of UK businesses only recognise cyber threats after an attack and today a Freedom of Information (FOI) request from Gallagher has revealed that UK councils have been hit by 10,000 cyberattacks every day so far in 2022.
Gallagher’s FOI request unveiled that 2.3 million attempted cyberattacks against councils in the UK have been detected already this year. The research saw 161 local authorities share information and Gallagher noted that, based on the proportion of councils who shared data on cyber-attacks, the size of the problem is likely to be significantly greater.
Scaling up these figures accordingly to reflect response rates, the actual number of attacks across all councils is estimated to be greater than 11 million in 2022. Gallagher highlighted that while most incidents are intercepted by the IT security put in place by local authorities, the surveyed councils had collectively paid out over £10 million over the past five years due to cybercrime – including monies lost to hackers, legal costs and fines.
Phishing attacks were founded to be the greatest cyber threat to councils, with three-quarters (75%) stating that this was the most common type of attempted attack. Distributed denial-of-service (DDoS) attacks represented the second most common form of attempted attack – ranking as the top threat this year for 6% of councils.
In a Press release, Gallagher noted that in response to the increased prevalence of cybercrime, in the last 12 months about half of councils (52%) have had to employ the advice of an external expert on how to mitigate the risk of cyber-attacks. Meanwhile, almost nine in 10 councils (85%) have increased their cybersecurity. However, only 23% of councils currently hold a cyber insurance policy to protect against the potential consequences of cyber risk.
Commenting on the findings, Johnty Mongan, head of cyber risk management at Gallagher, said: “Criminals unfortunately only know too well that cyber-attacks can cripple systems and with many councils increasingly servicing local people’s needs digitally, they simply cannot afford to experience downtime.
“It is positive to see that councils are recognising this threat, and looking to employ external experts to help prevent cyber-attacks – risk management and putting in the right security is absolutely key and external experts are best placed to advise what the most [up-to-date] measures are.”
Tim Devine, managing director for government, housing, education & public sector at Gallagher also commented on the report and said it is important for councils to have a plan in place should the worst happen.
“With so many attacks happening every day, it only takes one error to cause significant problems,” he said. “The risk in terms of associated costs and reputational damage as a result of cyber threats means having specialist cyber insurance in place should be a key consideration but is by no means the only consideration for those wishing to mitigate the risks of an attack.”
