Council’s Lack of Cyber Protection Cost It Over £12 million

It's becoming increasingly evident that local authorities are facing growing threats from cybercriminals. The Information Commissioner’s Office (ICO) reports a 24% increase in attacks on local authorities between 2022 and 2023. The sensitive data these public sector organisations hold, coupled with the essential services they provide, makes them particularly attractive targets for cybercriminals and hostile stateactors.

Councils are clearly at risk, both directly and through their supply chain partners. The rising number of cyberattacks, alongwith their severe consequences, frequently makes headlines. This situation has two significant impacts: it erodes public trust in local authorities (a key goal for malicious state actors) and fuels widespread assumptions about the nature and effects of these breaches.

Hackney Council Failed to Implement Essential Measures

Hackney Council serves as a prime example, having suffered a cyberattack in 2020 that cost the Council over £12 million. This included more than £440,000 spent on IT consultancy, £152,000 on recovering its social care data system, and £572,000 on restoring its housing register. The cybercriminals managed to access and encrypt over 440,000 files, impacting over 280,000 residents and staff.

The attack caused significant disruption across the council’s services, leading to delays in processing benefits claims, adding people to the housing register, and conducting land registry searches. Even public printers in the borough’s libraries were affected.

In its findings, the ICO noted that Hackney Council had failed to implement essential measures to protect personal data.Specifically, the Council had not ensured that a security patch management system was actively applied to all devices, nor had it changed an insecure password on a dormant account still connected to the council's servers—an oversight that the attackers exploited.

The ICO Reports - a clear and avoidable error

Stephen Bonner, the ICO’s deputy commissioner stated:

“This was a clear and avoidable error from London Borough of Hackney, one that has resulted in a mass loss of data and has had a severely detrimental impact on many residents. This is entirely unacceptable and should not have happened. Whilst nefarious actors may always exist, the council failed to effectively implement sufficient measures that could have better protected their systems and data from cyber attacks. Anyone responsible for protecting personal data should not make simple mistakes like having dormant accounts where the username and password are the same. Time and time again, we see breaches that would not have happened if such mistakes were avoided.”

Don’t be a victim. Make a pre-emptive strike and contact us

Vastly reducing your chances of falling victim to a cyber attack is easy with Cyber Regiment, our range of state of the art services are easy to integrate with your systems, and provide you with advanced notice of vulnerabilities and help you to deal with cyber breaches should they occur.

It’s also important to combine our technical solutions with our Cyber Insurance and Legal Compliance packages, adding extra layers of protection and support to you and your business.

Don’t be a victim. Make a pre-emptive strike and contact us to find out more about how we can help you and your business.

‍

‍