Navigating cyber risks: How local authorities can build resilience against emerging threats

InsightsPublic and social sector insights

Cyber resilience for local authorities

16 December 2025
The recent cyber-attack on local authorities in November 2025 serves as a stark reminder of the evolving threats facing the public sector. As cyber risks grow in scale and sophistication, councils must adopt robust cybersecurity practices to safeguard essential services and sensitive data.

Why cybersecurity matters for local authorities

Local authorities manage critical services - from housing and social care to education and public safety. A successful cyber-attack can disrupt these services, compromise citizen data and erode public trust. With the Cyber Security and Resilience Bill (2025) introducing stricter requirements for incident reporting and resilience planning, now is the time to strengthen your cyber posture.

What are the key cyber risks facing local authorities?

1. Third-party vulnerabilities

Many councils rely on shared IT services or external suppliers. A breach in one area can quickly escalate, disrupting services across multiple authorities. Therefore, supply chain security is no longer optional, but it’s essential.

2. Ransomware and phishing attacks

Local authorities are prime targets for ransomware and phishing campaigns. These attacks can lead to service outages, data breaches, and significant financial losses.

3. Regulatory compliance

The Cyber Security and Resilience Bill (2025) requires councils to demonstrate resilience and report incidents promptly. Whilst the Bill is still progressing, aligning with its principles now will help future-proof your organisation.

4. Legacy infrastructure

Outdated systems are often harder to patch, lack modern security controls, and can serve as easy entry points for attackers. Many local authorities still rely on older technology that may no longer be supported by vendors, increasing exposure to exploits. While cloud adoption grows, many critical services and data still reside on-premises. These assets require rigorous protection, as they are frequently targeted in ransomware and phishing attacks. Poorly secured on-premises systems can become a single point of failure.

Best practices to mitigate risks

To protect your local authority, we have outlined best practice to bear in mind to reduce risk and disruption from cyber threats.

Modernise legacy systems

Older systems can create significant vulnerabilities. It’s important to develop a roadmap to upgrade or replace outdated infrastructure, prioritising platforms that handle sensitive data or critical services. Where an immediate replacement is not possible it’s advised to introduce controls such as network segmentation and enhanced monitoring to reduce risk.

Incident response planning

Having a well-prepared response can make all the difference during a cyber incident. By maintaining an up-to-date incident response plan, including clearly defined roles and responsibilities, local authorities can be confident when dealing with both cyber threats but also other critical black scan events. It’s crucial to regularly test your organisations plan through simulations to ensure your team is ready to act quickly and effectively, especially with the evolving nature of cyber threats.

Staff training and awareness

Human error remains one of the leading causes of breaches. By providing ongoing cybersecurity training for staff, focusing on phishing awareness and secure data handling, your teams will know the common tactics to look out for, reducing overall risk. Empowering employees with knowledge is one of the most cost-effective ways to strengthen your defences.

Multi-Factor authentication (MFA)

Passwords alone are no longer enough. Even the strongest passwords alone can be vulnerable. Implementing MFA across all systems adds an extra layer of security and significantly reduces the risk of unauthorised access.

Patch management

Cybercriminals often exploit known software vulnerabilities to obtain unauthorised access to systems. System and software developers keep a close eye on any potential issues and often introduce patches or updates to keep their software secure. Keeping software and systems updated through a structured patch management process to close these gaps before they can be exploited.

Data backup and recovery

Ensuring secure, offline backups of critical data are maintained greatly enhances the ability to rapidly recover and ensure continuity of essential services in the event of an attack or system failure.

Collaboration with peers

Cybersecurity is a shared challenge. Engage with other local authorities and regulatory bodies to exchange insights and best practices. Collaboration helps everyone stay ahead of emerging threats and strengthens resilience across the sector.

Final thoughts

Cybersecurity is not just an IT issue; it’s a core component of service delivery and public trust. By taking these proactive steps, local authorities will build resilience, protect citizens, and ensure continuity of essential services.

Get in touch with our public sector experts 

If you’d like to speak to our public sector experts about any of the cyber risks highlighted above, get in touch using the button below.

Get in touch


 

 

Our experts

Annual Local Government Risk Report for 2025/26

As local authorities continue to grapple with risks exacerbated by financial challenges, the pressure facing the public sector as a whole is becoming more pronounced. The role of internal audit in holding organisations accountable and challenging risk management practices is more crucial than ever as local authorities strive to navigate new risks, including those tied to data, AI, and ongoing recruitment...

Read more

Contact us

+44 20 7063 4000
Meet our local team
Discover our offices
Or use our contact form