We live in a time of increasing cyber-attacks and security breaches. As councils hold a wealth of their community’s data including credit card information, health-related data, ratepayer information and business and development proposals, they are prime targets for cyber-attacks.
A recent enquiry by the NSW government into cyber security found that 80 per cent of councils were without a cyber security policy or framework, while 76 percent had not delivered cyber security training to all staff.
When a council in the north-east of England was hit by a ransomware attack earlier this year, its IT servers were disabled for months. The attack left Redcar and Cleveland Borough Council’s website inoperable and some officials having to use pen and paper to keep services running. Almost all functions of the council were affected, and the required response and consequential impacts had a forecasted loss of £10.144 million.
Service interruptions aside, privacy breaches have serious ongoing effects, as Sydney property valuation and consulting business, LandMark White (LMW) discovered throughout 2019. When 137,500 valuation records were stolen from LMW’s database in January and posted on the dark web, banks and other property sector businesses were forced to inform customers about the breach. LMW was suspended from the Big Four bank panels until adequate cyber security measures were in place. The reputational damage was devastating and LMW lost an estimated $7 million in revenue. A forced three-month trading halt eventually resulted in a declared a full year loss of $2.3m, rather than the $2.8 profit it was expecting.
Reputational damage is a significant consequence to prepare for. According to a global study by Gemalto, up to 70 per cent of consumers would be more likely to abandon a brand after it experiences a data breach. This can be for various reasons, from feeling like their data is unsafe, to the organisation’s public response to the breach.
As the number of cyber-attack instances continues to grow, even tech companies are vulnerable.
The increased adoption of video conferencing in 2020 led to 500,000 compromised Zoom accounts being sold on the Dark Web and other hacker forums. The data was stolen through a credential stuffing attack, where the hacker attempts to access an account using accounts and information that have been previously compromised in other data breaches.