60% of UK councils cannot afford the cost of a security breach

Almost two thirds of senior leaders at UK councils admit their approach to cybersecurity is outdated and they cannot afford the cost of a security breach, according to new research by TechnologyOne. 

In a survey of more than 500 senior managers at local authorities, it was found that only 25% of councils ranked cybersecurity in their top three priorities for digital investment, despite over half (59%) stating they could not afford the cost of data breach. 

These figures come as councils grow increasingly vulnerable to cyber attacks and data breaches. Figures by the Information Commissioner’s Office show that local authorities reported 203 data breaches between April and June in the first quarter of the 2022/23 financial year; representing a rise from 155 in the three months prior. 

Despite the growing threat, many local councils are still relying on outdated and  security systems, with more than a quarter of respondents (26%) acknowledging they have made ‘no progress’ on upgrading cybersecurity. 

Findings also reveal that local authorities and their residents are clearly at odds in how safe they perceive the online experience with councils to be, with 79% of residents believing it to be secure and two fifths of councils (38%) thinking the opposite. 

A call to action 

While there is a growing need for councils to strengthen their cyber-resilience,  cuts to local government budgets mean investment in new IT systems and services is easier said than done. 

One solution is to get better access to digital expertise, the report noted. Cheltenham Borough Council, for example, has launched the Golden Valley Development - an initiative that aims to build a community of cyber and digital start-ups and scale-ups in a single location. The development will give the council access to a range of vital cyber skills. 

Leo Hanna, Executive Vice President at TechnologyOne in the UK, calls on central government to provide further funding to help local authorities invest in modern IT systems. “Systems held together by gaffer tape and chewing gum still deliver mission-critical services at local authorities across the country but they need to be urgently overhauled if they are to remain secure," he said.  

“If you ask many councils whether they would prefer to invest in frontline IT experts or teachers, the answer is clear. But the reality is that the cost of an incident can be catastrophic and have lasting financial impact on a local community. As costs and demand for services rise, modern software solutions can help to ease the burden, freeing up valuable resources when they are needed most.”

The UK government’s National Cyber Strategy 2022 is also focused on brining local councils up to speed when it comes to cybersecurity. A key recommendation is increased investment to enable law enforcement to pursue investigations at scale and pace, as well as a major step up in data sharing between the government and industry.