According to new figures published, local authorities across the UK are experiencing an average of 10,000 attempted or successful cyber attacks every day, with incidents increasing by 14% year-on-year to more than two million so far this year. GallagherProvider of insurance broking and risk management services.
Gallagher lodged freedom of information (FOI) requests with every local authority in the country and got information back from 161 of the 333 county councils, district councils and unitary authorities – the actual number of incidents is much, much higher.
The data shows that Phishing attack By some margin the biggest threat facing local authorities, 75% of respondents said it was the most common form of attack – phishing, of course, is usually a precursor to more impactful incidents like a ransomware attack. Denial of Service Delivered (DDoS) attacks, which disrupt websites and potentially destroy local public services, were the second most common type of attempt, and ranked as the top threat for 6% of respondents.
“Criminals unfortunately know all too well that cyber attacks can cripple systems, and as many councils increasingly serve the needs of local people digitally, they simply cannot afford to experience downtime,” said Johnny Mongan, head of cyber risk management at Gallagher.
The firm also revealed that while most incidents have been intercepted and thwarted, local authorities have collectively paid out more than £10 million over the past five years, including money lost to hackers, legal costs and regulatory fines.
In addition, nearly 52% of respondents hired external experts to advise on mitigating cyber risk in the past 12 months, and 85% increased their own security spending, although only 23% invested in a cyber insurance policy.
“It’s positive to see that councils are recognizing this threat, and looking to hire external experts to help prevent cyber attacks,” Mangan said. “Risk management and proper security are absolutely critical and external experts are best placed to advise on the most up-to-date measures.”
Tim Devine, managing director of government, housing, education and the public sector at Gallagher, added: “It’s important to have a plan in case the worst happens. With so many attacks happening every day, it only takes one flaw to cause significant problems.
“The associated costs and risks to reputational damage resulting from cyber threats mean that having specialist cyber insurance should be a key consideration, but it is by no means the only consideration for those wishing to reduce the risk of an attack.”
However, many buyers are finding it increasingly difficult to obtain cyber insurance coverage due to a combination of increasingly expensive premiums and stricter clauses on risk and compliance measures that require companies to prove eligibility for a policy.
Lloyd’s of London Insurance Market was announced in August That it is clarifying the scope of coverage for its insurance group’s cyber insurance policies, encouraging managing agents to recognize the specific complexities surrounding state-sponsored cyber attacks and apply due diligence.
According to a recent report, number of companies – not just public sector companies – have been pushed out of the cyber insurance market for one reason or another. Shows a double set Between now and the end of 2023.