Middlesbrough Council boosts cybersecurity spending, strategy in response to repeated cyberattacks

Middlesbrough Council has announced a sizable investment into a 12-month cybersecurity service worth approximately £25,000, in recognition of the growing risk to UK public sector organizations.

The move has come amid an year-long overhaul of the council's cybersecurity strategy, including greater staff training and data center disaster recovery tests.

In a report [PDF] published 25 September, the council acknowledged the work it currently does to ensure its third-party suppliers safeguard data in order to secure its supply chain, in addition to its own cybersecurity measures.

It noted that in November 2024 the council suffered two DDoS attacks that took down its website, with another successful attack happening in early December.

Responding to these attacks, the council implemented a mitigation solution at the end of 2024 and has suffered no further DDoS incidents since.

In the spring, it put in place a three-year cybersecurity training strategy and completed the Get Cyber Assessment Framework (CAF), a government program councils can use to identify third-party dependencies, organizational vulnerabilities, and analysis of critical teams.

Completion of the program secured Middlesbrough Council a £15,000 grant.

During 2025 its teams also carried out a disaster recovery plan for its data centers and commissioned the shared service firm Veritau to audit its server admin and security.

"A sound system of governance, risk management and control exists, with internal controls operating effectively and being consistently applied to support the achievement of objectives in the area audited," Vertiau concluded.

"Our overall opinion of the controls within the system at the time of the audit was that they provided Substantial Assurance."

UK public sector under attack

To highlight the cyber threat UK organizations now face, the report's authors cited the UK government's latest Cyber security breaches survey, which found that 43% of companies and 30% of charities within the UK had reported experiencing a cyber attack in the 12 months leading up to the survey.

Among larger organizations, this number was higher, with 67% of medium and 74% of large businesses reporting cyberattacks.

A large number of public sector leaders are concerned about cyberattacks, and a report by Blackberry released in 2024 found UK public sector organizations are vulnerable to supply chain attacks.

In recent years UK councils have publicly struggled with cyber incidents. At the start of 2024 Canterbury City Council, Thanet District Council, and Dover District Council were hit with cyberattacks that caused severe disruption to services, and in March Leicester City Council was also hit with a highly disruptive attack.

Later the same year, council services across Greater Manchester were disrupted after the housing services firm Locata was attacked by hackers. Councils across Manchester, Salford, and Bolton were forced to suspend housing websites in response.

Attacks have continued well into 2025. In February, Hammersmith and Fulham Council revealed that it faces 20,000 attempted cyber attacks per day, mainly in the form of phishing.

And in June, hackers stole historic data, including the personal information of poll station workers and ballot counters at Oxford City Council, though the organization's automated security systems were able to limit the scope of the attack.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.