Only 23% of councils currently hold a cyber-insurance policy despite a rise in cyber attacks

UK councils have been hit by 2.3 million cyber attacks so far this year, according figures released by Gallagher today (31 August 2022).

A Freedom of Information (FOI) request raised by the broker examined 161 local authorities in the UK and revealed that phishing attacks were the biggest cyber threat to UK councils – 75% of councils said it was the most common attack they faced.

Meanwhile, distributed denial of service (DDoS) attacks – which aim to disable websites or internet services by bombarding servers with false requests – were the second most common attack.

DDoS attacks ranked as the most common attack type for 6% of councils.

Johnty Mongan, head of cyber risk management at Gallagher, said: “Criminals unfortunately only know too well that cyber-attacks can cripple systems and, with many councils increasingly servicing local people’s needs digitally, they simply cannot afford to experience downtime.

“It is positive to see that councils are recognising this threat and looking to employ external experts to help prevent cyber-attacks – risk management and putting in the right security is absolutely key and external experts are best placed to advise what the most up to measures are.”

The news follows a Google Cloud Armor customer being hit by the largest ever DDoS attack in June 2022.

Mitigating risk

This increased prevalence of cyber-crime has been driven by more operational reliance on technology during and post-pandemic – it is affecting both the public and private sectors.

According to Gallagher’s statistics, 15% of UK business owners say cyber crime is one of the biggest risks they face.

For example, in the last 12 months around half of councils (52%) have needed to employ an external expert to give them advice on how to mitigate the risk of cyber-attacks.

Nearly nine in 10 councils (85%) have increased cyber security measures to help them cope with the volume and sophistication of attempted attacks.

Despite this, only 23% of councils currently hold a cyber insurance policy.

Tim Devine, managing director for government, housing, education and public sector at Gallagher, added: “It is important to have a plan in place should the worst happen.

“With so many attacks happening every day, it only takes one error to cause significant problems.

“The risk in terms of associated costs and reputational damage as a result of cyber threats means having specialist cyber insurance in place should be a key consideration but is by no means the only consideration for those wishing to mitigate the risks of an attack.”