In February last year, it was revealed that Redcar and Cleveland Council had fallen prey to a cyber-attack, bringing many of its online resident services to a standstill for a prolonged period of time. Although systems were eventually repaired and services reinstated, the effects of the cyberattack are still being felt now, over a year after the attack, primarily in the huge financial toll it took on the council.
In fact, the government has been set to intervene to help the council with the funding, after millions of pounds were expended on the effort of rebuilding its systems. The prolonged recovery work raises questions about whether Redcar and Cleveland Council’s systems should have been stronger in order to defend against the attack in the first place, and whether the council had an attack response plan in place before they were hit.
This all shows how costly an attack can be, and why it is always so much better to take preventative action instead of an event taking place.
Redcar and Cleveland Council cyberattack
In the wake of the Redcar and Cleveland Council ransomware attack, systems were down for a number of weeks. Even in May 2020 they were reportedly working at a capacity that was still not at 100%. The long-term impact on operations meant that the council reportedly may have lost out on millions of pounds in income, due to losses such as reduced collections of business rates and council tax, on top of the millions in repair costs. In total, the breach was apparently estimated to have cost approximately £10m.
Now, it has recently been announced that the government will be providing £3.68m to Redcar and Cleveland Council to partially cover the costs of the cyberattack. Council representatives sought to confirm that no ransom had been paid to the hackers, and that the money would help to replenish their finances.
Cybersecurity at local councils
Cybersecurity similarly let another local authority down in the Hackney Council cyberattack. The impact of the attack was similar, given that it was also a ransomware attack, and that it halted operations caused significant financial losses. For example, the property market was reportedly frozen.
According to the mayor, the cost to the council was likely to be approximately £10m, again mirroring the Redcar and Cleveland Council cyberattack.
When talking about the council’s repair efforts, a member of Redcar and Cleveland Council reportedly stated that its cybersecurity “will be far more advanced than most peers in local government”. While this suggests that significant positive changes have been made, it also implies that the many other councils are currently functioning with sub-par defences. Moreover, it is unfortunate that it took such a damaging attack for systems to be updated.
Compensation for cyberattacks and data protection breaches
The Redcar and Cleveland Council cyberattack underlines the fact that data protection and cybersecurity are all about preparation, not about scrambling to pick up the pieces in the wake of an attack.
Unfortunately, some third-party data controllers fail to prepare for cyberattacks, putting personal information at risk. Those who have been affected by a data breach as a result of negligence may be able to claim compensation for the harm caused.
If you have been adversely affected by a data breach, contact us for free, no-obligation advice on your potential claim.