That's according to cyber security firm ProLion, which sent Freedom of Information (FOI) requests to each of London’s 32 borough councils plus the City of London in December 2021. In their responses, 17 local authorities admitted they are not properly insured against the risk of a cyber incident.
How are cyber security and insurance companies evolving with the threat of ransomware? Amazon to offer cyber insurance to UK SMBs Cyber insurance premiums increased by a third in the last 12 months
What's more, five councils refused to say whether or not they have in place a cyber insurance policy, citing Section 31 of the Freedom of Information Act which exempts the disclosure of information that could “prejudice the prevention or detection of crime”.
One council said that disclosing the information relating to cyber insurance could lead to an increased risk by encouraging an attack, said ProLion. Other councils stated that the disclosure of such information would give cyber criminals insight into possible vulnerabilities, or embolden them to attack those most at risk.
Eight councils were ambiguous or unclear in their response to the FOI, while three councils didn’t respond to the request at all.
Improve security and compliance
Adopting an effective security and compliance risk management approach
“Ransomware attacks have continued to rapidly grow both in frequency and sophistication,” said Steve Arlin, VP Sales in UK, Americas & APAC at ProLion. “The situation demanded action a long time ago, and the issue is now so large that businesses can’t afford to be reactive in their approach to cybersecurity.”
ProLion pointed out that organisations of all sizes and sectors are viable targets for opportunistic cyber criminals. However, the public sector is likely to hold more sensitive data, including council tax, medical records, and financial information. “This might explain why they are a preferred target and more likely to pay any ransom demands,” stated the company.
Arlin added that for organisations like borough councils, the risk of large volumes of sensitive personal data falling into the wrong hands means that it could face huge UK GDPR related fines as a result.
ProLion also found that the research provided insights on councils’ approach to cyber security. One representative for a council said that they discovered the cyber insurance market to be very challenging and therefore difficult to obtain competitive quotations. They added that they are currently looking at both insurance and a cyber consultancy review, including self-assessments as a solution to their cyber risks.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.