In the battle to meet budget reductions without reducing services, many local authorities have found the digital revolution to be a blessing. Not only does digitisation help them meet their users’ expectations, it also helps to deliver cost savings. Whether using data analytics to improve the efficiency of waste collection services or simply offering information services online, the digital transformation has emerged as a key ally for public service organisations.
Yet despite their increasing reliance on all things digital, many local councils are alarmingly vulnerable to cyber crime. Local authorities face an average of 19.5 million cyber attacks a year, according to an investigation by privacy campaign organisation Big Brother Watch.
As more and more valuable information is brought online, cyber criminals will be increasingly attracted to it. We’ve already witnessed major cyber security attacks against the public sector. In May 2017, the WannaCry ransomware affected hospitals and GP surgeries up and down the country, resulting in thousands of appointments being cancelled.
Moreover, attacks are likely to become more sophisticated. At the same time, the EU’s new regulations on data handling, the GDPR, came into force on May 25th 2018, placing more obligations upon organisations that hold other people’s data. And the fines for breaching these duties are vast – up to 4% of annual turnover, or €20m, whichever is greater.
So how can public service organisations improve their cyber security readiness? Firstly, they should incorporate cyber security considerations from the very beginning of any new digital service. A thorough risk assessment at the outset of a digital project helps to ensure that security will be built in from the start rather than bolted on later.
Organisations must also take full responsibility for the security of their data. Outsourcing data to cloud platforms, such as those operated by Microsoft and Amazon, can reduce cost and improve scalability. But this does not mean that data is automatically secure. Threats from vengeful employees or insiders, and security breaches arising from the proliferation of access rights, are the responsibility of the user, not of the cloud’s operators.
Finally, they must fully embrace cyber security and work together to help share best practice. Local authorities should also consider joining the Cyber Security Information Sharing Partnership, founded by the government, participating within the National Cyber Security Centre and enforcing the National Cyber Security Strategy. These bodies help to keep councils up to date about the latest preventative measures, keeping them both vigilant and informed.
The public sector’s embrace of digital technology has been admirable, helping their everyday users and stakeholders in a variety of ways. Falling victim to cyber scams threatens to reverse this process, eroding people’s trust in both technology and their local services. Local authorities can help avoid this by taking cyber security seriously – right from the very start.
Published date: 29th August 2017
Updated date: 15th November 2018
This article and related document links do not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Risk Management Partners cannot be held liable for any errors, omissions or inaccuracies contained within the article and related document links.
Readers should not act upon (or refrain from acting upon) information in this article and related document links without first taking further specialist or professional advice.