New report finds more than 25% of UK councils have had their computer systems breached in the past five years.
The latest Big Brother Watch report found that local councils in the UK suffered 98 million cyber attacks between 2013 and 2017, averaging out to 37 attacks every minute. The data, gained through freedom of information requests, also showed that the vast majority of local councils did not train or educate their employees on cyber security.
With records on potentially millions of residents stored by local councils, a data breach could have devastating consequences if adequate security measures are not in place.
The study also found that over half (56%) of the councils that had suffered a data breach didn’t report it to the relevant authorities. Under GDPR, it is mandatory for any organization to report a data breach to the relevant authority within 72 hours of becoming aware of the breach. Failing to comply with this will result in a significant fine of up to 10 million euros or 2 per cent of the global turnover of the organization. This means any organization handling critical data on European citizens will need to have a robust and efficient breach reporting process in place.
With the news highlighting the lack of security preparedness, governmental institutions have a duty to their constituents to protect their data. To fulfill this duty, implementing encryption or tokenization solutions will protect each piece of Personally Identifiable Information (PII). Should a breach occur with the encryption technology in place, the information is unusable to the hacker as long as they do not come into possession of the key to decrypt it. When the organization is the only party in full control of the encryption keys, it will also avoid having to report the breach to the required authorities, saving the organization potentially millions in fines and reputational damage.