Local authorities across the UK have been exposed to more than 98 million cyber attacks in the past five years, according to a new study.
After conducting freedom of investigation requests on councils around the country, privacy campaign group Big Brother Watch found that most of them are ill-prepared to fend off cyber crooks.
Big Brother Watch said there is an “overwhelming failure of councils to report losses and breaches of data, as well as shortcomings in staff training”.
The report claims that 37 cyber attacks on local authorities take place every minute, putting the sensitive and personal information of citizens at risk.
Over 25 per cent of UK councils have fallen victim to computer breaches in the past five years, and 114 local councils experienced an attack between 2013 and 2017.
Meanwhile, 25 councils saw hackers steal important data, and half of these cases were not reported to the appropriate authorities.
Human error is the main cause of cyber breaches, the study found. Around three in four local authorities have failed to train their staff about cyber security risks. In total, there were 376 cyber security incidents.
Jennifer Krueckeberg, lead researcher at Big Brother Watch, said local authorities must pay closer attention to their IT security infrastructure if they are to protect employees and the public.
“With councils hit by over 19 million cyber attacks every year, one would assume that they would be doing their utmost to protect citizens’ sensitive information,” she said.
“We are shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security. Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens. ”
Patrick Hunter, director at One Identity, warned that hackers are effectively going to war with councils. However, local authorities are not taking the threats seriously enough.
“There is a war on and it seems that the public are mostly oblivious to the attackers. There are millions of cyber-attacks in the UK each month and most are simple port scans, phish attempts or similar automated chancers,” he said.
“When articles like these are published we’re supposed to be shocked and dismayed at the poor level or protection put in place by our councils.
“They are going to be the hardest hit, always. They are the keepers of much of our personal data and also, sadly, they are the imitated to try and fool the general public into clicking things that they shouldn’t.”