Local government cybersecurity stocktake in England
A cybersecurity stocktake of all 353 councils in England examined IT security, leadership, governance, partnerships, technology arrangements and training.
The vast majority of councils received an "Amber" or middle-range rating, with few councils receiving a "Green" or good rating. Training and awareness of cyber security issues and arrangements offer the greatest opportunity for improvement.
Cybersecurity is a growing concern for local government. Councils are responsible for implementing essential services at the local level, such as social care, schools and housing, and hold a large amount of sensitive data – making them prime targets for hackers. Following a number of cyberattacks, including the 2017 WannaCry attack, the UK government has increased its efforts to encourage cyber awareness across a wide range of sectors.
On behalf of the Local Government Association, RAND Europe carried out a cybersecurity stocktake of all 353 councils in England. The stocktake covered areas beyond IT security, such as leadership, governance, partnerships, technology arrangements and training. By engaging with all councils in the sector and working closely with the LGA, our expert partner and key stakeholders, the study received a 100% response rate from all councils who submitted their stocktake.
With this information, the project identified councils with good cybersecurity practices, as well as councils that need additional support in this area. The report has already been used to identify ways the stocktake could be used in developing future programmes of work to support councils.
The project team developed a secure online questionnaire in order to gather data on the cybersecurity measures councils currently have in place. The stocktake was weighted and scored in order to analyse the results and provide each council with a RAG (Red, Amber and Green) rating. The stocktake was scored and weighted in consultation with the local government sector, our expert partner and through desk research on guidance issued by the NCSC and Cabinet Office.
The RAG scores for the stocktake were:
- Red (0-39)
- Amber (40-79) and
- Green (80-100).
The national level report provides a high-level overview of the sector based on the aggregated results of the stocktake. RAND Europe analysed trends in the data and produced a number of key insights.
- Overall, the vast majority of councils received an Amber rating, while a small number received Red ratings and even fewer still received Green ratings.
- Training and awareness of cyber security issues and arrangements offer the greatest opportunity for improvement.
- The higher scores in the Technology section show strong technical underpinnings for the sector, which provides a robust basis for continued cyber security improvements to be built on.
- High scores indicate the Partnerships section is strong, which contributes to more resilient cyber security practices.
The full report has been posted on the Local Government Association website and is accessible only to LGA members and Employer Link subscribers. For further information or to request access, please contact Siobhan Coughlan at the Local Government Association: firstname.lastname@example.org