Cyber security is a growing area of concern for councils across the UK. PwC's latest global CEO survey found that almost half of the UK's local authorities felt they were unprepared for a cyber attack.
Meanwhile, councils like all public-sector organisations, are having to adapt to the demands of the digital economy, navigating the challenges and risks brought by the vast amounts of data associated with bringing local services online. In these changing circumstances, the need for a local authority to be prepared for the cyber risk landscape of the future is more important than ever. Here are four key actions any organisation should consider taking:
Review your cyber policy: Cyber strategies should focus on developing resilience and protection as well as identifying individual risks. As a starting point, all organisations should review their current IT policy every six months to ensure it addresses the full range of cyber risks, from what constitutes appropriate web access, to how to handle data and passwords, as well as how and when personal devices can be connected to the network.
Build in resilience: Technology itself can be used to detect attacks and protect vital IT infrastructure. For example, encryption software can make the difference when it comes to thwarting a cyber criminal's ability to access sensitive data. Employee awareness can't be overlooked; even the best IT security is vulnerable if employees don't respect the procedures in place. At Zurich Municipal, we use our information governance health check tool to review every aspect of a councils approach to managing information (including cyber) so our experts can quickly identify the gaps that need to be addressed.
Prepare for the worst: Even with the best IT cyber policy in place, councils still need to prepare for the worst. Having a clear and well-rehearsed plan in place to respond to, and deal with, data leaks, malicious programmes, stress on systems, and business interruption is vital to limit the impact of any attack. Crucially, this plan should be coordinated with crisis communication and business continuity planning where necessary to ensure offline delivery of service is unaffected.
Be cyber savvy: The cyber-security landscape is in continual flux and mechanisms designed to protect your organisation's security can quickly become obsolete as technology develops. It's therefore important for organisations to stay on top of the latest developments in the cyber landscape and, equally, examine whether their insurance cover is fit for purpose.
As digital transformation leads to a shifting cyber risk landscape for the local authority sector it is critical Councils mitigate their risk by taking cyber security seriously.