UK local councils struggle with handling cybersecurity ―but they can overcome challenges


Cybersecurity is one of the most important shields for securing customer data. But as technology developed and helped us evolve, hackers got more experienced in breaking through network systems and stealing money and essential information.

According to Statista, cybersecurity breaches occur at least once a week in the UK. Corporate-owned servers are the most common entry points for cyber attackers.

Unfortunately, companies are not ready to face these challenges, as only 15% of UK firms conducted vulnerability audits. Of course, the number of resources added for improving cybersecurity varies by industry. Still, we can state that the local council sector is among the last to prioritise cybersecurity. At the same time, governments do not support helping councils mitigate attacks. Let’s not forget that the Redcar and Cleveland Borough Council had to deal with a ransomware situation for a week with little to no support from official bodies and cover the £11.3m cost for the attack.

Hence, UK local councils must prepare to face such an occurrence single-handedly.

What are the common attacks UK local councils experience?

Local councils have been hit by an increasing number of cybersecurity attacks recently, with phishing being the most frequent. Phishing attempts are made to convince people to give their personal information to legitimate institutions through email or text. In this case, the attacker poses as the institution and the coverage is so good that it’s difficult for a regular person to tell if the interaction is genuine or not.

Other frequent attack types include DDoS attacks, which are more complex to deal with. Rather than targeting people, these systems turn off sites or internet connections through false requests on the server.

Regardless of the attacks, it’s sure that stealing data is the main goal of any attacker because it offers a way to manipulate councils to receive money. If this happens, it’s almost impossible for local councils to retrieve their citizens’ data so they can make a data breach claim, according to

What are the leading causes of data breaches in local councils’ systems?

Cyber attacks cannot be 100% prevented or solved, which is why you’re never too prepared. However, councils tend to ignore the efforts required to avoid such occurrences for cybersecurity. For instance, most data breaches happen due to human error, such as accidental emailing or misuse of BBC. The issue of digital literacy is still substantial despite technology being widely accessible and easy to understand.

Solving human-based errors is truly a challenge. Indeed, younger people are better prepared for the job market now, while older workers have to learn as they go. That doesn’t mean they don’t deserve a job that includes the use of technology because industries are constantly changing, and they’ve been trained to perform the same tasks forever.

Another issue is the lack of security on emails and large files. Local councils should better understand the importance of advanced encryption on documents that include people’s personal data. Most of the time, using the services of a third-party security can help protect sensitive information, but employees must be trained in this direction, too.

Local councils should also comply with data protection and risk management policies, even if that means investing more in the IT sector. Of course, this means decreasing funds in other less important areas or receiving more funding. Either way, protecting digital information is never enough.

How can local councils mitigate risk?

Mitigating cybersecurity risk is an ongoing process that doesn’t simply stop at a milestone. That’s because hackers will always get better at breaking systems with the latest technological advancement, especially if the stake is considerable.

Hence, the first and most important thing local councils can do is train their employees and event management to understand the online environment truly. The subject of cyber resilience cannot be touched if basic technology information isn’t fully understood, meaning that frequent cyber training would be required. The cyber issue is so vast that it cannot be covered in a few hours, and there are so many terms regarding cybersecurity that it might be overwhelming for people to learn things from a new field.

But for an efficient work environment to contribute to enhanced security, the local council must strive for innovation. This requires plans for progress in what includes new hardware, upgraded software solutions and better security audits.

A change in a company’s culture is essential

Transforming the customs and ideas of a small local council seems too tricky because every area has established specific ways of achieving its goals, so getting every one of them to reach a common standard looks almost impossible.

Only recently, women working in local councils were prone to discriminatory pay and were allowed to get equal salaries due to some claims made by the GMB Union. While this practice is not necessarily happening only in local councils, it’s where troubles begin. Hence, local authorities might be forced to raise women’s wages. But the idea that they’ve considered page gaps alright is part of a broken company culture that’s been present in communities for decades.

Hence, local communities must change their cultures of how work should be done and what aspects require special attention. In today’s society, all companies must recognize the need for equal pay, use technology at its best and embrace new working methods.

Unfortunately, most councils still work based on old guidelines, which is why most are slowing down any process that requires the involvement of documents. The budgetary pressures also contribute to inefficient staffing and lack of technological involvement, which is why we emphasise the need for a change within the core of local councils.

Final considerations

UK local councils are facing difficulties in handling cybersecurity measures since they’re the annual targets of numerous hackers. As they’re not provided the proper support and the massive costs of such attacks, some are left to complete their documents on paper and get back to traditional ways of recording essential activities. However, they need to mitigate cybersecurity better and approach technology and cyber resilience more responsibly.





About Author

Leave A Comment