Council reveals why it was not insured against cyber attacks
Gloucester City Council fell victim to a cyber attack in December last year
Gloucester City Council leaders say they decided not to insure against cyber attacks after receiving advice from insurance brokers and auditors.
The local authority’s IT systems were breached by hackers operating out of the former Soviet Union in December last year.
Since then, the council has seen many of its online services severely affected and recently revealed they are in the process of rebuilding their servers.
And council chiefs have set aside hundreds of thousands of pounds to fix the problem but opposition councillors fear the full cost will climb into the millions.
Leaders were recently asked for more information about why the council was not insured against such a risk as a cyber attack given that the local authority was also targeted in 2014.
Councillor Jeremy Hilton (LD, Kingshom and Wotton) asked the cabinet on April 6 who made the decision not to have insurance against such a risk.
Performance and resources cabinet member Hannah Norman (C, Quedgeley Fieldcourt) said their insurance policies were approved by the director of policy and resources Jon Topping.
She said: “The implementation of the council’s insurance policies were approved by the director of policy & resources following advice and consultation with insurance brokers and the audit, risk and assurance partnership.”
Cllr Hilton also asked whether the cabinet had discussions with council officers about insuring against IT system breaches after 30,000 emails were hacked in 2014.
However, Cllr Norman said none of the current cabinet members were in the cabinet at the time of that incident.
Responding to supplementary questions from Cllr Hilton, Mr Topping said in an email that the council’s insurance policy was renewed on April 1, 2019 and that he could not remember any specific conversations with cabinet about insuring against a future cyber attack on the council’s IT systems after the 2014 incident.