Chief executives and senior managers are being warned about the threat of cyber attacks on their council and the damaging impact it can have on residents and a local authority’s reputation.
The issue is becoming such a concern that the Local Government Association is bidding for funds from the Cabinet Office to help councils protect the data they hold.
This comes after LGC learned in the summer of reports that Russian hackers had accessed council library systems, while Doncaster MBC suffered a malware attack in April 2016.
That incident was “potentially catastrophic” for the council, according to its technical security and compliance officer Chris Whitechurch who was speaking at a fringe session at the Society of Local Authority Chief Executives & Senior Managers summit in Manchester.
However, Mr Whitechurch said Doncaster picked up on the “attack which occurred against a single laptop attached to the corporate network” early so the council was able to contain the malware.
He said the council was able to quickly restore the system because the council was prepared and able to implement its plan for such an eventuality.
“Cyber security must be recognised as a corporate risk and it’s surprising how many organisations don’t have this on their risk register,” said Mr Whitechurch.
He added Doncaster’s senior management team takes the issue seriously. “Without that executive support you are never going to move to a mature process on cyber security,” he said.
Dave Pearson, chief technology officer for Wigan and Bolton MBCs, agreed. He said: “It’s important to consider this as an organisational threat rather than just an IT threat…
“The loss of data is a reputational risk and potentially, in the worst case scenario, it can be a threat to life.”
Mr Pearson said that was because councils hold a lot of sensitive information and vulnerable children and adults.
Stephen Baker, Solace’s spokesperson for civil resilience and emergency planning and chief executive of Suffolk Coastal and Waveney DCs, said: “This seems to be a risk like no other, in terms of civil resilience.
“It’s difficult to understand the motivations [for a cyber attack] – sometimes it’s financial, sometimes it’s curiosity, but the potential for reputational risk as much as anything else and the damage to services is immense.”
Sarah Pickup, the LGA’s deputy chief executive, said a bid for central government funding to help councils deal with “cyber security challenges” is being prepared.
“We will be looking at getting more information about what the challenges are and perhaps putting some bespoke support into areas that particularly need it and looking at what we can do in the long-run,” she said.