NI Councils shown to be underspending on cyber security protection
Written by: Vertical Structure on Nov 07, 2019
BELFAST, Northern Ireland -- 3 July 2019 -- Over a six-month period at the end of 2018 and beginning of 2019, cyber security professionals from Vertical Structure undertook a survey of all local councils across Northern Ireland.
“We were hoping to uncover what level of potential cyber security exposure local councils were facing,” said CEO and co-founder of Vertical Structure, Simon Whittaker.
The FOIA responses from local councils revealed that Northern Irish councils are spending, on average, just over £9,000 annually with cyber security vendors. The largest body, Belfast City Council, spent the most on cyber security at £35,879. One council, Mid and East Antrim Borough Council, responded that nothing had been spent on cyber security protection.
Compared with Belfast City Council's gross budgeted expenditure of £192.4m* in 2017/2018, the council spent just 0.18% of its budget on cyber protection.
“We were surprised by these figures,” said Simon, “particularly when you consider that councils are storing personal data on citizens. Belfast City Council spent less than 2p on cyber protection for every £1,000 spent.”
Councils’ data stores might include private citizens’ names, addresses, phone numbers and email accounts.
“When storing that kind of data, we’d advise all organisations to ensure that they have adequate cyber protection measures in place,” said Simon. “This may include annual security and penetration tests to ensure the robustness of their systems, cyber security training for all employees who deal with IT systems and databases, and information assurance measures.”
The low spending amounts led Vertical Structure to question whether councils are adequately protected. Councils’ IT systems are at high risk if attacked by ransomware, malware, viruses or hacking.
Simon explains, “It’s sad but true that no organisation is immune to an attack. We’re not trying to shed a bad light on councils by making this information public. Instead, we’re trying to increase awareness of a rising problem – that governmental organisations have overstretched budgets and they are being forced to cut corners where they shouldn’t.”
A free webcheck service for Gov.uk organisations is available online. Simon said, “It’s possible the councils are using free services such as this one, or the plethora of services that the NCSC offers. If they are, that’s great – these free tools are a hugely useful resource.”
To date, Vertical Structure is not aware of a serious data breach at a Northern Irish council. However, news reports from around the globe show that cyber attacks on government bodies are happening increasingly.
“It could be a ticking time-bomb,” said Simon. “As just one example, look at what happened in Baltimore.”
The City of Baltimore in Maryland, USA was hit by ransomware called Robbinhood in May this year, resulting in a reported $18m in damage to its IT systems. City officials explained that hackers were looking for a $100,000 ransom pay-out after a city employee unknowingly clicked a link or opened an email with the malware. The total financial impact included $10m to ‘repair and rebuild the network’ and $8m in ‘deferred revenue and the loss of interest in penalty income,’ per city officials.
“That was just one publicised example – many cyber attacks never get publicised. Bad actors are writing new attack methods every day. All of us need to prioritise cyber security protection before it’s too late,” concluded Simon.
*Source: Belfast City Council annual financial report.
Using FOIA requests, 11 councils across Northern Ireland were surveyed with the following questions:
The following councils responded to Simon Whittaker’s FOIA requests: