#Privacy: UK councils hit by 800 attacks every hour

UK councils have reported being struck by more than 263 million cyber-attacks during the first half of 2019. 

A Freedom of Information (FOI) request by insurance broker Gallagher, revealed that out of the 203 UK councils that responded, just under half (49%) have been targeted by cyber-attacks since the beginning of 2017, with 37% of councils experiencing cyber-attacks in the first half of 2019. 

Over the first six months of 2019, the councils reported experiencing 263 million attacks, equating to around 800 attacks every hour. 

However 204 councils failed to respond to information requests or declined it, over security concerns. Therefore it can be assumed that the “true number of attacks across all councils could be more than double this and exceed 500 million in the first half of this year,” wrote Gallagher in a blog post. 

It was discovered that since the beginning of 2017, 17 attacks against various UK councils resulted in the loss of data or money, with one council reporting a loss of over £2 million. 

However the average successful cyber-attack on council, results in costs of £434,000 – which ultimately gets paid by taxpayers. 

Gallagher wrote: “The threat of heavy regulatory fines for data breaches has risen since the implementation of GDPR. Councils could represent prime targets for cyber-attacks due to their holding significant amounts of personal data, Gallagher warns that the threat of a big fine from the Information Commissioner’s Office (ICO) is also potentially looming.”

It was also discovered that councils are exposed when it comes to adequate insurance cover – with only 34 councils stating having cyber-insurance policy. This equates to only 13% of UK councils that are protected from financial loss or loss of data. 

Tim Devine, Managing Director of Public Sector & Education at Gallagher, said: 

“Our research illustrates the scale of the challenge facing local authorities in the UK. Councils are facing an unprecedented number of cyber-attacks on daily basis. While the majority of these are fended off, it only takes one to get through to cause a significant financial deficit, a cost which the tax payer will ultimately foot.

“Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets. In many scenarios, the people responsible for purchasing cyber insurance products need decisions to be made at member, or management level. The cyber threat and the need for cover needs to be high on every local authority’s agenda.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/