Last week the latest report from the Department for Digital, Culture, Media & Sport (DCMS) found that half of UK businesses recognize cyber dangers after an attack, and today a Freedom of Information (FOI) request from Gallagher has revealed that UK councils have been hit by 10,000 cyberattacks every day so far in 2022.
Gallagher’s FOI request disclosed that 2.3 million attempted cyberattacks against councils in the UK have been detected already this year. The study saw 161 local authorities share evidence and Gallagher noted that, based on the proportion of councils who dealt with data on cyber-attacks, the size of the problem is likely to be significantly tremendous.
Scaling up these figures thus to reflect response rates, the actual number of attacks across all committees is estimated to be greater than 11 million in 2022. Gallagher highlighted that while maximum incidents are intercepted by the IT security put in place by regional authorities, the surveyed councils had collectively paid out over £10 million over the past five years due to cybercrime – encompassing monies lost to hackers, legal costs, and fines.
Phishing attacks were established to be the greatest cyber threat to councils, with three-quarters (75%) stating that this was the most civil type of attempted attack. Distributed denial-of-service (DDoS) attacks represented the next most common form of attempted attack – ranking as the top threat this year for 6% of councils.
In a Press release, Gallagher reported that in response to the increased prevalence of cybercrime, in the last 12 months about half of the ouncils (52%) have had to employ the advice of an outer expert on how to mitigate the risk of cyber-attacks. Meanwhile, almost nine in 10 councils (85%) have boosted their cybersecurity. However, only 23% of councils currently hold a cyber insurance policy to protect against the potential effects of cyber risk.
Commenting on the findings, JJohnMongan, head of cyber risk management at Gallagher, said: “Criminals unfortunately only know too well that cyber-attacks can cripple says ms, and with many councils increasingly servicing local people’s needs digitally, they simply cannot afford to experience downtime.
“It is positive to see that committees are recognizing this threat, and looking to employ external experts to help prevent cyber-attacks – risk management and putting in the right security is key, and external experts are best spotted to advise what the most [up-to-date] measures are.”
Tim Devine, managing manager for government, housing, education & public sector at Gallagher also commented on the report and said councils want to have a plan in place should the worst happen.
“With so many attacks transpiring every day, it only takes one error to cause significant problems,” he said. “The risk in terms of associated costs and reputational damage as a result of cyber threats means having specialist cyber insurance in place should be a key deliberation but is by no means the only consideration for those wishing to mitigate the risks of an attack.”
