Hammersmith and Fulham Council has reportedly revealed it faces around 20,000 attempted cyber attacks every day.
According to reports from The Standard, most of the attacks consist of phishing attempts, and the council said it has applied anti-phishing measures and tightened up firewalls to deal with the threat.
Local authorities have become a popular target for cyber criminals in recent years, thanks to the large amount of valuable personal data they hold, often-outdated IT systems, and comparatively poor cybersecurity budgets.
According to the Information Commissioner’s Office (ICO), cyber attacks on local authority systems jumped by a quarter between 2022 and 2023 while personal data breaches reported by local government organizations surged by 58% in the same period.
Adam Boynton, senior security strategy manager EMEIA at Jamf, said the figures highlight the broad array of threats faced by local authorities across the country.
"The number of cyber attacks Hammersmith and Fulham Council is facing represents a wider issue, as security threats across all local councils have significantly increased over the last few years," he said.
"Councils hold vast amounts of personal data, making them prime targets for cyber crime. This data can be exploited for fraud, sold on the dark web, or used in future attacks."
Last year, information commissioner John Edwards urged local authorities to take cybersecurity more seriously and recognize the effect that breaches can have on people's lives.
"We trust local government with some of the most sensitive personal information imaginable, yet they remain one of the leading sources of data breaches," he said.
"This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need local government to do better."
UK councils face a barrage of cyber threats
During 2024, numerous councils faced cyber attacks, including a supply chain attack that affected the housing websites for Manchester, Salford, and Bolton councils.
Similarly, this time last year three Kent councils suffered an incident which severely disrupted services while an attack on Leicester City Council in March knocked IT systems and phone lines offline.
A large part of the problem is local authorities' creaking IT systems, Boynton said.
"Local council networks are particularly vulnerable due to their continued reliance on outdated IT systems and end-of-life software that are not equipped to handle modern cyber threats," he said.
"These systems are frequently patched together over many years, introducing complexities in maintenance and security upgrades."
Jamf recommends implementing multiple defensive layers and enforcing more robust cyber hygiene practices, such as multi-factor authentication, secure passwords or password management software, and user awareness of security risks.
"Strong hygiene practices are an effective way to improve cyber resilience without stretching limited budgets," said Boynton.
MORE FROM ITPRO
