Over a quarter of UK local authorities have suffered a security breach in the past five years, with the vast majority not providing mandatory cybersecurity awareness training, according to Big Brother Watch.
The pressure group received Freedom of Information responses from 395 local authorities (94.5%) to compile its latest report, Cyber-attacks in local authorities.
It found that councils were subject to a staggering 98 million attacks between 2013 and 2017 – equating to 37 attempted breaches every minute.
In fact, 114 councils (29%) actually had their systems breached by attackers, with 25 (6%) experiencing a data breach as a result.
Surprisingly, over half (56%) of those councils who experienced a breach or data loss didn’t report it, behavior which would result in a hefty fine from GDPR regulators after May 25.
According to the report, 75% of councils do not provide mandatory training in cybersecurity awareness, while 16% don’t provide any training at all.
Big Brother Watch urged local authorities to focus their efforts less on intrusive surveillance technologies and more towards securing citizens’ data.
“Our research suggests that local authorities are not taking cybersecurity and data protection seriously enough. While some councils have a developed good understanding of the danger cyber-attacks pose, good practice needs to be seen across the board,” the report noted.
“It is unacceptable that living in the jurisdiction of a council with lax policies and insufficiently trained staff exposes those citizens’ personal data to greater risk.”
Anthony Chadd, senior director EMEA at Neustar, argued that local governments are under increasing pressure to deliver against a backdrop of spending cuts and growing cyber-risk.
“As the guardians of millions of citizens’ personal information – and with less than 100 days until the GDPR comes into force – ensuring robust data security has never been more critical,” he added. “From protecting against DDoS attacks to encrypting mission-critical data and IP, local governments across the country must ensure cybersecurity is at the heart of their digital transformation strategies.”