Major cyber incident among ‘most significant risks’ facing council

A strategic risk and insurance report for 2023-24, at quarter four, will come before the council’s cabinet at its meeting on Monday.

The report provides an overview of the council’s strategic risk management and insurance activity for the last six months of the financial year 2023-24.

It states that five risk are considered to have 'worsened' since quarter two.

According to the report, the ‘likelihood rating’ of the council experiencing a major cyber incident or major information governance breach has increased from four (probable) to five (almost certain) ‘following news of yet more cyber-attacks suffered by various local authorities across the country’.

It adds: “However, the workshops facilitated by IT and emergency planning towards the end of 2023 were well attended by middle and senior managers from all directorates and received very positive feedback.

“It is hoped that these will enable critical services to understand more about the potential impact of, and plan more effectively for, a major cyber-incident or attack.

“Awareness raising communications and workshops have continued into 2024, including additional events being provided on request, to roll-out the key messages to colleagues across the council.”

The report says that, at quarter four, there are 11 risks scoring 20 or 25, meaning these risks are ‘considered probable or almost certain to occur, with a serious or severe impact for the council’ – with the ‘most significant risks’ facing the council including the council experiencing a major cyber incident or major information governance breach.

The cabinet is recommended to review and comment on the council’s strategic risk environment at quarter four of 2023-24, the council’s performance in managing insurance claims for the last six months of the financial year 2023-24, and the ‘new and emerging issues’ documented in the report or known to members from ‘other sources of intelligence and assurance’.