Only a third (35%) of local authority leaders are confident their council is prepared to deal with a cyber-attack, according to new research from PwC.
The global consultancy’s seventh annual study, The Local State We’re In, comprises the views of more than 100 local authority chief executives, finance directors and elected council leaders across the UK.
The results come as 97% of UK CEOs also polled by PwC claimed they’re currently addressing cyber-breaches.
The perception is that local authorities are highly vulnerable to cyber-threats.
A parallel survey of 2000 consumers found that just 34% trusted their council to manage and share their data and information securely.
Security challenges could also be behind a drop in confidence when it comes to using digital technologies.
Only 61% of local authorities said they are confident in their digital approach, down from 76% in 2016.
Jonathan House, PwC local government partner, said the sheer breadth of services offered by councils increases the cybersecurity challenges facing IT teams.
"In a world of working with many outsourced suppliers, there will be significant and risky third party engagement – this means a comprehensive approach is needed where security is built into business processes and the ways of working from the start,” he told Infosecurity.
"Councils have all kinds of information from bin collection data to vulnerable children, social care, and police information. They need to make sure that the staff responsible for looking after the data are doing so in the right way. Staff can often be the easiest way in to any organization so it's vital that they are trained.”
The number of councils fined by watchdog the ICO for data protection lapses continues to grow.
Most recently, Gloucester City Council was forced to pay £100,000 after hackers took advantage of a well-publicized vulnerability, enabling them to access and download 30,000 emails containing sensitive personal information on employees.
The ICO was forced to reveal earlier this year that many councils are also lagging behind on GDPR compliance efforts.