LGA Cyber Security Stocktake

National-Level Report

Published in: Local Government Association (November 2018)

Posted on RAND.org on February 22, 2019

by Nathan Ryan, Siobhan Coughlan, Erik Silfversten, Helen Reeves, Hui Lu, David Pye, Fook Nederveen, Jos Creese, Giacomo Persi Paoli

Read More

Access further information on this document at www.local.gov.uk

This article was published outside of RAND. The full text of the article can be found at the link above.

This report shows the results from the LGA cyber security stocktake. It provides a high-level summary of results from all 353 English councils (100 per cent) that participated in the stocktake. The data presented in this report was collected from mid-June to early-September 2018. The stocktake took a broad definition of cyber security that incorporated leadership, governance, partnerships and training arrangements, beyond the traditional information technology (IT) security controls and adoption of standards that underpins cyber security's technology practices. The study team applied a weighting and scoring method to analyse the results of the stocktake for each council and to provide them with their 'RAG' (red, amber and green) rating. A greater level of granularity was required to understand the distribution of results; therefore, the amber category was further broken down into three segments to analyse councils at the cusp of the red and green ratings. The analysis resulted in 353 bespoke reports of each individual council's cyber security arrangements. These individual assessments were based solely on the submission from the respective council and were not benchmarked or compared against the results of other councils.

Research conducted by

This report is part of the RAND Corporation External publication series. Many RAND studies are published in peer-reviewed scholarly journals, as chapters in commercial books, or as documents published by other organizations.

Our mission to help improve policy and decisionmaking through research and analysis is enabled through our core values of quality and objectivity and our unwavering commitment to the highest level of integrity and ethical behavior. To help ensure our research and analysis are rigorous, objective, and nonpartisan, we subject our research publications to a robust and exacting quality-assurance process; avoid both the appearance and reality of financial and other conflicts of interest through staff training, project screening, and a policy of mandatory disclosure; and pursue transparency in our research engagements through our commitment to the open publication of our research findings and recommendations, disclosure of the source of funding of published research, and policies to ensure intellectual independence. For more information, visit www.rand.org/about/principles.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.