03 October 2025

Building cyber resilience across councils


For councils, cyber resilience is no longer optional. Quick recovery, robust backups, and proactive planning safeguard critical services, sensitive data, and public confidence in an increasingly hostile cyber landscape, says Jacob Anderson, regional vice president, Rubrik UK.

In recent years, there has been a significant increase in cyber attacks aimed at UK public sector organisations. These cyber incidents have caused substantial negative impacts. Councils are high-value targets due to the volume of personal data they hold, and the critical services they deliver.

Earlier this year, Gateshead Council suffered an attack by the Medusa ransomware group that saw stolen documents, including sensitive personal data, published online. Meanwhile, Hackney Council continues to contend with the long-term financial and operational consequences of its 2020 breach, highlighting how enduring the effects of such incidents can be.

Compliance alone is insufficient

Given the risk to the UK public sector’s cyber security, a purely compliance-driven approach is inadequate against today’s adversaries. While regulatory alignment is important, it does not provide the agility needed to deter sophisticated, persistent attackers.

Strengthening cyber resilience is essential to stop groups including the Holy League, a coalition of pro-Russian and pro-Palestinian hacktivists, that earlier this year targeted the British Army, Royal Navy and the Office for Nuclear Security. Councils that contain breaches and recover quickly protect both services and the people who rely on them.

Resilience begins with recovery

Adversaries exploit gaps in technology, processes, regulation and skills. They require only a single successful intrusion, whereas defenders must repel every attempt. The imbalance makes the prospect of complete prevention unrealistic. Traditional perimeter-focused defence strategies have their place, but they are no longer sufficient on their own.

Critical infrastructure operators must instead adopt a recovery-first mindset: anticipating breaches, planning for rapid restoration of services and ensuring continuity even in the face of compromise. The goal is not to prevent 100% of attacks but to withstand them and return to normal operations quickly and securely.

The implications of a ransomware payment ban

The UK government’s proposal to prohibit ransomware payments by public sector organisations raises the stakes considerably. If the proposal comes into effect, councils, NHS trusts and schools will no longer be able to pay ransoms as a last resort to regain access to systems. The intention is to disrupt the financial model that underpins cybercrime. However, this shift places even greater responsibility on public bodies to ensure they can detect, contain and recover without delay.

Immutable backups, rapid recovery mechanisms and continuous monitoring are now indispensable. Without these, public services risk prolonged outages that could undermine public confidence, particularly when highly sensitive information is compromised.

Automation, immutable backups and rapid recovery

Automation provides one of the most effective means of strengthening cyber resilience. By accelerating threat detection and incident response, automation helps security teams act decisively in the early stages of an attack. Automated testing of backup environments and continuous monitoring further enhance resilience, reducing the time and cost associated with recovery.

Immutable backups are equally critical. Once stored, data cannot be modified or deleted, even if attackers gain administrative access. This ensures that the last uncompromised copy remains available for recovery, significantly limiting the leverage ransomware groups can exert. Advanced detection tools, including machine learning, can identify suspicious patterns in backup environments and raise alerts before an incident escalates. Together, these measures minimise downtime, protect critical data and preserve operational continuity.

Government support for local authorities

The Ministry of Housing, Communities and Local Government’s Local Digital team has taken steps to strengthen resilience across councils. The Cyber Support Programme allocated £19.9m to 192 authorities, while the Cyber Assessment Framework (CAF), launched in October 2024, provides a structured approach to assessing and improving resilience. The impact is already visible: between 2020 and February 2025, councils achieved an 83% reduction in initial risk, an 82% improvement in backup resilience and annual sector-wide savings estimated at £11m.

Nonetheless, significant challenges persist. Developing a positive cyber culture across local government is difficult, with organisational engagement inconsistent and training often underfunded. Financial pressures are also acute, with local authorities burdened by £122bn in debt. This makes it harder to procure affordable out-of-hours cyber expertise, leaving monitoring and logging functions under-resourced. Many councils are forced to manage these capabilities in-house, slowing response times and undermining resilience.

Resilience underpins essential services

Cyber resilience not only strengthens the ability of organisations to withstand and recover from attacks, but it also serves as a deterrent. Adversaries are less likely to target entities they know can recover quickly, as the likelihood of success diminishes. For UK councils and other public sector organisations, resilience is more than a defensive measure; it is central to protecting communities. True cyber resilience will preserve the reliability of essential services and maintain public trust in an increasingly hostile cyber environment.
