Three in four local authorities do not provide mandatory cyber security training to their staff, Big Brother Watch has revealed, despite human error being a significant factor in most data breaches.
The privacy campaigners behind the research said they were concerned by their findings given the rapid accumulation of personal data by councils across the country.
The report revealed that more than a quarter of councils (114) have had their computer systems breached in the past five years and that 25 had experienced a breach that resulted in a loss of data.
More than half of those hit by a breach did not report it, the report found. However, the Freedom of Information results used to gather the data did not reveal how many of those breaches affected personal information.
Organisation are not legally required to report data breaches, but the Information Commissioner’s Office urges them to do so anyway. When GDPR comes into force in late May, firms could face significant fines if they fail to.
Jennifer Krueckeberg, lead researcher at Big Brother Watch, said she was shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security.
“Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens,” she added. While 75 per cent of councils do not provide mandatory training, 16 per cent provide none at all, according to the report.
Raj Samani, chief scientist and fellow at McAfee, said one of the greatest concerns was the previous lack of communications around the attacks.
“That said, we will gain nothing by pointing the finger at the IT and security teams,” he added. “Managing the growing and evolving threat against a backdrop of squeezed budgets, local authorities are having to make difficult choices about where their investments should be made.”
Pat Walshe, director of data protection consultancy Privacy Matters, said: “The Big Brother Watch report reveals inconsistent approaches to safeguarding personal and sensitive data held by local authorities. It highlights the pressures faced by local authorities in a world of diminishing resources but increasing demands. It will be important that local authorities receive appropriate support moving forward.”