Michael Burton 09 April 2018

Meeting the cyber security threat: are you ready?

Meeting the cyber security threat: are you ready? image

A quarter of local authority respondents have had a cyber security breach in the past year according to a survey by The MJ and BT which also found that most regard strong cyber security as a key part of their digital transformation strategy.

Looking at the results in detail, respondents are certainly aware of the risk of malware and ransomware which featured among their top five areas of cyber security threats.

They also named phishing attacks, accidental sharing of data in contravention of the Data Prevention Act and poor secure email.

One respondent referred to ‘the sheer weight of the number of threats being intercepted on a daily basis by the IT team.’

In the last 12 months 24% of respondents said they had suffered a cyber security breach with varying levels of damage. Some had successful ransomware defences, some had their IT teams working through the night to delete locked files and recover data from back-up and one said their council had three days of disruption of services.

Responses to such attacks were extra investment on staff training and security software and enhancement of firewalls. An overwhelming 82% of respondents expected the risk of attacks to increase over the next year, none expected them to decrease, and only 18% said the risk would stay the same. There was clear concern about the probability of a cyber-attack with almost a third on a scale of one to five (with five the highest probability) naming five and another 36% naming it as a three.

Almost 60% of respondents also agreed that the impact of a cyber-attack was potentially catastrophic while three-quarters named it as important compared to other risks.

Respondents regarded reputational damage arising from the impact of a cyber security breach as the biggest concern, followed by financial penalties, personal liability, disruption of service delivery and, loss of citizen confidence in online services and data loss.

Most respondents regarded strong cyber security as an important part of their organisation’s digital transformation strategy, with 57% naming it as a critical part. The question is how can councils mitigate the risk of cyber-attacks?

Overall, respondents felt that the two most critical ways of reducing the risks were the right security technology (73% of responses) and security awareness across all staff (77% responses).

Next in descending order were the skills and calibre of IT security staff, security governance processes, leadership from executives with responsibility for IT security, compliance with regulations, and lastly knowledge sharing with peers and partners.

Another key question is what stops an authority developing strong cyber security.

On a list of four issues, legacy systems was named as the top, followed by lack of cash for investment, lack of in-house knowledge and ‘other important priorities’.

Just over half of respondents (52%) expected their investment to increase over the next year while 33% said it would stay the same.

As to what level in the organisation cyber security is discussed, the IT department was named by 72% of respondents followed by the chief executive or corporate management team (named by 63%), then users (50%).

As for working with partners to create a cyber security strategy, 65% said they were already working with security vendors or consultants, 55% were working with other public sector organisations, 39% with law enforcement/regulatory agencies and 41% with the National Cyber Security Centre.

In conclusion, our survey confirms the risks of cyber-attack and importance of addressing the threat – but will pressures on budgets and the growing demand for services allow councils to commit sufficient resources and develop the necessary skills to combat an escalating threat, particularly with the additional need to meet the requirements of General Data Protection Regulation?

Councils and the new legislation:

Councils are aware of General Data Protection Regulation (GDPR) but there is still some way to go before everyone will be ready to meet all of their obligations

The survey also asked about the new GDPR coming into force in May. Some 82% of respondents said they were aware of this, though a surprising 18% admitted they were not.

Most respondents said they were prepared for the new regulation by having a data protection officer in place. But fewer are ready to meet other requirements such as: the right to be forgotten (18%); cleansing of legacy data (13%); tighter consent processes (23%).

Respondents thought that the new regulation would be ‘challenging,’ ‘reduce the amount of information that is stored and shared’ and is ‘significant like the arrival of Freedom of Information again.’ On the positive side, respondents said it would strengthen information governance. Respondents also raised concerns about the increased need for resources, increased administrative complexity, and the potential for non-compliance fines.

The key findings of the survey were:

• Cyber security and the threat of cyber-attack is seen as critical by local authorities.
• The threat of cyber-attack is a clear and present danger for local councils today and it is on the rise.
• The right security technology and staff awareness are seen as the two most important ways to reduce the risk of cyber-attack.
• Legacy systems and a lack of money to invest are hampering efforts to reduce the risk of cyber-attacks.
• Lack of in-house skills and knowledge is another barrier and many local councils are working or would consider working with others to combat the threat.

BT’s top cyber security experts, Mike Pannell and Neil Mellor, comment on the findings here.

For your free daily news bulletin
Highways jobs

Head of Looked After Children and Vulnerable Young People

Enfield London Borough Council
Up to £89,319
 This is an exciting opportunity to lead all the services that support Enfield’s children in care and care leavers. Enfield (City/Town), London (Greater)
Recuriter: Enfield London Borough Council

Head of Communities

Kirklees Metropolitan Council
to £61,751 (pay award pending)
We are looking for an innovative and knowledgeable senior professional to join our leadership team with strong experience of working in communities... Kirklees, West Yorkshire
Recuriter: Kirklees Metropolitan Council

Economic Development Officer (Town Centres)

North West Leicestershire District Council
Band F, £29,636 - £32,878 per annum
The Economic Development Officer (Town Centres) post forms part of the Council’s Business Focus team who provide help directly to businesses. Coalville, Leicestershire
Recuriter: North West Leicestershire District Council

Educational Psychologist

Camden London Borough Council
£44,131 - £53,34
The ideal candidates will have an excellent understanding of psychological frameworks and their application in... Camden, London (Greater)
Recuriter: Camden London Borough Council

Economic Development Officer

North West Leicestershire District Council
Band F, £29,636 - £32,878
Are you interested in a challenge and want to help shape the future of North West Leicestershire? Coalville, Leicestershire
Recuriter: North West Leicestershire District Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue