Gloucester City Council cyber attack: Leaders reject calls for independent review
The attack affected the council's online services in December 2021
Last updated 1st Mar 2022
Gloucester City Council leaders have rejected calls for an independent review into the cyber attack affecting their online services.
The local authority became aware on December 20 that their systems had been breached.
Since then, the council has been working with the National Crime Agency and the National Cyber Security Centre to understand more about the breach.
The cyber attack has affected online revenue and benefits, planning and customer services. However, the full extent of the costs it will take to put things right is yet to be known.
Speaking at the council’s budget meeting on February 24, Cllr Declan Wilson (LD, Hucclecote) called on council leaders to accept the Liberal Democrats’ proposal of setting aside £25,000 for an independent review into the failure.
He said the council owed it to the public they represent and should be transparent about the issue.
Cllr Wilson also said the findings of the review should be shared with other local authorities as he fears cyber attacks will become more common in future.
He said: “It’s to do with transparency.
“We need to remember why we are here to represent residents and we need to be transparent and explain to them while we are spending their money. If we aren’t transparent, we are a malfunctioning authority and we must always be open.
“What we could do with the information we are already getting is ask our external auditors to review what is being done and give assurance to the audit and governance committee.
“We must be satisfied as members that we are well protected as we go into the future.
“We also need to understand why and how it happened because there could be lessons to be learnt from this.
“We could have an experience we share with other local authorities.”
However, performance and resources cabinet member Hannah Norman (C, Quedgeley Fieldcourt) said setting aside £25,000 for an independent review would not be necessary.
She said they wanted to have the flexibility to be able to use that funding for the councils recovery from the attack.
“The council does have an independent report by NCSC in relation to the cyber incident and as soon as we are able to leave the recovery phase we will move into a review on the cause, the council’s preparedness and our long term cyber security measures.
“We will be able to share findings of that report to members.”