Jaqueline is an Exposure Management Professional specializing in Cyber. As part of the Certified Cyber Insurance Specialist (CCIS) course, she completed a complex assignment on cyber risk for local governments in the UK.
Local authorities are responsible for a range of vital services for people and businesses in defined areas. This includes social care, schools, housing, planning, waste collection, licensing, business support, registrar services, and pest control. However, due to the wide range of services provided and funded by local authorities, a lot of potentially sensitive data is held by them.
Cybersecurity Challenges Faced by Local Authorities
Due to the range of services provided and funded by local authorities a wide range of data, much of which may be sensitive, is held by local authorities. The authorities may hold, amongst other things, information including your address, email, benefits information, medical information (for social care) and details of criminal records (e.g., where DBS checks have been carried out).
Outdated Software and Processes
As well as holding a lot of potentially sensitive data, local authorities are also viewed as “low hanging fruit” for criminals with outdated software and processes, and cyber security neither a priority nor properly funded.
According to Reform, a Westminster think tank for public service reform, “The public sector has faced some challenges in developing greater cyber resilience. Legacy infrastructure is problematic because it can contain vulnerabilities if not maintained properly. A lack of cyber skills both at the “high-end,” such as security architecture, and the “low-end,”