In a recent study conducted by insurance broker Gallagher, UK councils have reported being targeted by more than 263 million cyber attacks in the first half of 2019 alone, equating to 800 attacks every hour. Is Cyber Security Training becoming more important?
Gallagher conducted the research using Freedom Of Information (FOI) requests, finding that of the 203 councils which responded in full to the requests for information, 37% had reported cyber attacks within the first six months of 2019.
Since the start of 2017, it was found that 17 attacks against local authorities were reported to be successful, resulting in a loss of data or money, with one council reporting a loss of over £2 million and the average successful cyber-attack on a council results costing £430,000.
Further to this, only 13% of councils currently hold a cyber insurance policy to protect against the financial or data loss associated with cyber attacks. Additionally, of the councils which had suffered a successful breach in the past, just one currently holds a cyber specific insurance policy.
Commenting on the epidemic of cyber incidents, Tim Devine, Managing Director of Public Sector & Education at Gallagher, said: “Our research illustrates the scale of the challenge facing local authorities in the UK. Councils are facing an unprecedented number of cyber-attacks on daily basis. While the majority of these are fended off, it only takes one to get through to cause a significant financial deficit, a cost which the tax payer will ultimately foot. Costs and reputational damage at this scale can be devastating for public authorities, many of which are already facing stretched budgets.”
These recent figures suggest an alarming lack of cyber security awareness regarding cyber attacks and the implications they can have for businesses, especially amongst local authorities. The nature of public sector organisations makes them tempting targets for cyber criminals thanks to factors such as lack of education among users, and a substantial amount of personal data held on the general public by councils, schools and universities, the NHS and other social care bodies.
However, with all this sensitive and Personally Identifiable Information (PII) potentially at risk, effective defence strategies should be front of mind for these organisations. Especially with the threat of significant regulatory fines for data breaches looming since the introduction of GDPR and the ICO recently moving to enforce GDPR regulations to the full extent of their powers.
Although this research focuses specifically on local authorities in the UK, this lack of awareness is a widespread epidemic plaguing many businesses across the UK from both the public and private sector.
With this in mind, the importance of strong defences against malicious threats has never been greater and there is a plethora of widely available information you can draw upon to enhance your organisations defences with minimal cost, including two of SES’s recent articles “How Do Ensure Your Business Continuity In 2019?” and “The Simplest Vulnerabilities Can Be Your Greatest Weaknesses”.
Additionally, to help you identify and remediate the vulnerabilities which exist within your networks and security, SES can provide consultants to review your organisations cyber security posture and work together with you to respond to the weaknesses which exist.
For more information on how you can enhance your organisations defences against malicious threats, please get in touch to speak to one of our specialists.
© SES Secure Limited and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.