Research from Gallagher, an insurance broking and risk management firm, has found that UK Councils reported 2.3 million cyber-attacks so far this year, with UK local authorities having paid out £10 million over the last five years alone.
However, Gallagher has stated that the number is much higher, with the true number of attacks across all councils estimated to be more than 11 million in 2022.
Due to the COVID-19 pandemic, many businesses had to change work practices and rely much more heavily on the use of IT and digitisation of their business processes. Whilst this has provided multiple benefits, it does not come without a degree of risk, with the present rise in ever more sophisticated cyber-attacks. Most people can recollect having received a recent scam email or text.
Three-quarters (75%) of UK Councils are finding that phishing attacks are by far their biggest threat.
Distributed denial-of-service (DDoS) attacks, which attempt to disrupt web traffic or services by overwhelming servers, were the second most common attempt type – ranking as a top threat for 6% of Councils.
This growing risk has resulted in around half of Councils (52%) needing to engage with an external expert to give advice on how to mitigate the risk of cyber-attacks in the last 12 months.
Gallagher also stated that 85% of Councils have now improved their cyber defences. Meanwhile, it said that only 23% of councils have an insurance policy for this type of risk.
These figures are extremely worrying, as cyber-attacks have the potential to have long-term negative effects on an organisation’s finances, efficiency, and reputation. These attacks are not limited to just Councils or local authorities, but extend to organisations across all industry sectors.
Gallagher's research also showed that 15% of UK organisations find that cybercrime is one of their biggest risks, due to the increase in reliance on technology in the post-pandemic world.
Having appropriate systems in place to protect data should be a number one priority for all businesses when it comes to cyber security. It is better to take a proactive approach rather than a reactive approach when disaster hits.
Enabling authentication, limiting access to confidential data, and setting secure passwords are just a few ways to enhance organisational cyber security.
There is also the recommendation to work with an external expert to carry out a risk-based review of your current information security controls, identify threats and vulnerabilities that may exist, and build a system to reduce or eliminate these threats or vulnerabilities reactively.
Many forward-thinking organisations are now implementing an information security management system such as ISO 27001. Such a system provides a structured and recognised way of managing information security and protecting against cyber risk, by establishing robust policies/procedures and the technical controls required to protect the confidentiality, integrity, and availability of information.
Achieving certification to ISO 27001 indicates that your information security management system has been established and audited against international best practices.
The information security management standard embeds best practice approaches within your organisation as it takes a holistic view of identifying and protecting information assets and helps to embed information security firmly within organisational culture.
Having an ISO standard is also usually a prerequisite in tender criteria, and it is quite often this which drives organisations to implement ISO 27001, therefore making them comparable with their competitors who may already have certification to the information security standard. Having a positive reputation and good personal relationships are no longer enough to guarantee contract retention.
Now more than ever, your organisation will benefit from having a proactive approach to cybersecurity, rather than having to react when it’s too late.