Approximately two-thirds of London’s citizens faced the threat of a potential data breach due to security failings in the capital’s 33 local authorities (32 London Boroughs and the City of London itself). This is according to research conducted by digital identity management company Secure Cloudlink.
A Freedom of Information (FOI) request was issued to the 32 London Boroughs and the City of London authority to ascertain their security hygiene and to determine how well they protect their data. The results revealed that 64 per cent had experienced a data breach in the last four years, highlighting the challenges public sector departments face in managing digital information assets.
Cybercrime continues to remain an ongoing threat both to individuals and organisations. The Office of National Statistics (ONS) revealed that there have been more that 3.8 million incidents of cybercrime in the past year alone, and despite Philip Hammond recently unveiling a £1.9bn package designed to boost Britain’s defences against the growing threat of cybercrime, evidence suggests that a lot still needs to be done to mitigate this issue.
Mark Leonard, Chairman at Secure Cloudlink, commented: “We issued these questions to London’s councils to gauge the security hygiene of the public sector. The sheer number of councils that have been breached is astonishing and reveals the issue of security is more prevalent than ever. There is a mass market for stolen data and hackers have become increasingly sophisticated in their tactics. Despite cybersecurity falling higher on the government’s agenda, the issue persists. Organisations need to be endlessly diligent when it comes to putting the correct procedures in place to alleviate the growing security risks.”
Key findings included:
- 21 out of the 33 authorities have reported a data breach in the past four years including Barnet, Camden, Croydon, Greenwich, Lambeth, Lewisham, Wandsworth, Westminster and the City of London itself
- Bexley, Bromley, Ealing, Enfield and Haringey are amongst those which reported no breaches in the same timeframe
- Kensington and Chelsea refused to disclose the information on the grounds of potential cyber-attacks, as did Hackney, which refused to ‘confirm or deny whether it holds the requested information’
- For residents concerned about potential data breaches of their online user accounts, not one council reported an incident in the past four years to their knowledge
Leonard added: “For public sector organisations in particular, it’s imperative that they maintain strict control over their data, due to the highly sensitive nature of the information they handle. The risk of not doing so puts citizens at risk of falling victim to data theft. No one is immune to the risk of a data breach, so organisations and individuals need to understands what it takes to navigate today’s increasingly vulnerable security landscape. While this set of data exposes the fact that the majority of London local authorities are vulnerable, as the vast majority experienced a breach in the past few years, the findings do indicate that residents of the city have not been directly impacted.
“But that does not mean that greater strides need to be made in managing security processes. The Cyber Essentials Scheme in fact is a government backed initiative that aims to provide clearer guidance and advice for organisations looking to improve their cyber security housekeeping. It’s aimed at those who might not have a dedicated in-house IT staff responsible for cyber-security – while most public sector departments will have this in place, it’s advice is certainly valuable in providing the solid foundations to improving security practices. On top of this, education must also be balanced with having the necessary systems in place to counter threats.
“Designs that were once suitable have not been updated to keep pace with today’s digital economy, and because of this, hackers have been able to capitalise and steal information much more easily.
“What’s important is to address internal and external threats by adopting new tools and practices that have the utmost cybersecurity resilience, and actually addresses the issues at hand. Fundamentally, all technology must adapt to an ever-changing industry and the security mindset needs to change. The future of any organisation that wants to insulate itself from the growing threat of cybercrime depends on this,” concludes Leonard.