With just two days until the general election, 40 per cent of London councils have admitted to not testing the disaster recovery procedures that safeguard electoral data.
Thirteen of the capital's 32 local authorities haven't tested their disaster recovery capabilities in the past year, backup provider Databarracks found after sending out Freedom of Information (FoI) requests.
MD Peter Groucutt said that while all councils have disaster recovery methods in place, the number not testing them is alarmingly high.
He added: "It's worrying that with the general election just days away, many local councils have not tested that their procedures actually work in the event of a disaster.
"At any time in the year councils are under scrutiny to keep sensitive data secure and systems running smoothly. So the run-up to a general election, when the electoral roll is most important, it is vital to ensure your procedures are water-tight."
Another issue Databarracks flagged was the recovery time objectives (RTO) and recovery point objectives (RPO) cited by councils when it came to restoring data after a failure.
Most said they could get their data back in 24 hours, while others took as long as a week one said a recovery could take around a fortnight.
And Groucutt said recovery times may be even longer than councils believe, but annual tests are required to check the system is up to scratch.
"Imagine if a council thought its RPO was 30 minutes but when it came down to it, it was actually 48 hours?" he said.
"If they haven't tested their DR capabilities, they really have no idea of how they'd cope should disaster strike at the very time that would cause most damage."
Of the 32 councils Databarracks questioned, three did not respond and two refused to answer, both claiming the questions were outside FoI requirements.
What does modern security success look like for financial services?
Yes, legal AI. But what can you actually do with it? Let’s take a look…
