Local authorities have reported 98 million cyber attacks in the past five years, with 25 councils experiencing either data loss or a breach of data protection, a new report has found.
A total of 114 councils (29%) responded to a freedom of information request, confirming at least one security breach in the period 2013-2017, while more than half of all successful attacks went previously unreported, campaign group Big Brother Watch reported.
The report found that Merton LBC and Westminster City Council were the worst affected, reporting three data loss or data breach events. Dacorum BC, Lincolnshire CC, Derby City Council, Canterbury City Council, Warwick DC, and Tonbridge & Malling BC all reported two incidences of data breaches respectively.
Pat Walshe, director of data protection consultancy Privacy Matters, said: “The Big Brother Watch report reveals inconsistent approaches to safeguarding personal and sensitive data held by local authorities.
“It highlights the pressures faced by local authorities in a world of diminishing resources but increasing demands. It will be important that local authorities receive appropriate support moving forward.”
The research found human error to be the main factor that affected all councils, yet three in four of the local authorities which responded still do not provide mandatory cyber security training to staff.
Jennifer Krueckeberg, lead researcher at Big Brother Watch said: “With councils hit by over 19 million cyber attacks every year, one would assume that they would be doing their utmost to protect citizens’ sensitive information.
“We are shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security. Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens. ”
A Local Government Association spokesman said: “Whether they are council, government, or business owned, websites are being constantly bombarded by cyber-attacks every single day, and protecting against and responding to attacks is a part of everyday digital life.
“Very few of these attacks actually manage to breach the firewalls or scanning systems in place, and councils are working closely with the National Cyber Security Centre (NSCS) to make sure that their systems and processes are as robust and resilient as possible.
The NCSC drew up four “simple and free measures” in June 2017 to improve basic cyber security for government bodies, aimed at countering internal and external threats. Termed the Active Cyber Defence (ACD) programme, the NSCS aims to make online services safer and easier through four free programs which are free for councils to use.
Councils are now storing and processing increasingly large amounts of personal data which is highly valuable to organised crime gangs. The innovation charity National Endowment for Science, Technology and the Arts recently reported that councils were harvesting everything from personal email addresses to information on at-risk children in order to improve predictability and responsiveness.
The latest indictment by US special counsel Robert Mueller reported that data stolen from massive data breaches had been used to illicitly open fake social media accounts and commit financial crimes.