Lack of training could lead to future cyber attacks

There are fears a major cyber attack could be repeated because local politicians are not keeping up with their cyber security training.

Gloucester City Council suffered a cyber attack in 2021 when Russian hackers sent an e-mail designed to look like part of a conversation, which then released malicious software and made almost every system inaccessible.

Across Gloucestershire other councils have revealed how many councillors and staff have completed cyber security training, with only half of Cheltenham Borough councillors completing theirs.

The borough said some members completed similar training elsewhere, so they are not expected to do it again.

Following a freedom of information request by the Local Democracy Reporting Service, Gloucester City Council said its council officers and councillors "regularly undertake cyber security training", although it would not disclose how often.

The city council said it has "very robust IT security" following the attack, which disrupted housing benefit claims, council tax payments and house sales.

It has struggled to recover since then, and is now facing bankruptcy.

Meanwhile, only 20 of Cheltenham Borough Council's 40 councillors have completed their online cyber refresher training.

The completion figure was much better for council officers, at 90%.

Tewkesbury Borough Council, which faced its own cyber security threat in 2024, said 98% of its staff completed the training in the last financial year and 86% of councillors who had been offered the training had completed it.

At Stroud District Council, staff, including agency staff, are asked to complete cyber security training courses, and the current completion rate is just short of 75%.

A councillor, who did not wish to be named, said cyber security is extremely important to keep council systems safe.

"Systems are only as strong as their weakest link," they said.

"If the weakest link are councillors that don't undertake mandatory training, that's not acceptable.

"And it leaves council systems open to penetration."

The Ministry of Housing, Communities and Local Government has provided £23m of cyber grant funding and technical support to councils since 2020, and has launched a local government Cyber Incident Response service to support English local authorities to respond to severe cyber incidents.

Cotswold District Council and Forest of Dean District Council both said 94% of its officers have completed their cyber security training.

The councils did not say what the completion percentage was when asked for the uptake among elected members.

Gloucestershire County Council missed the request deadline and was unable to provide the information.

Follow BBC Gloucestershire on Facebook, X and Instagram. Send your story ideas to us on email or via WhatsApp on 0800 313 4630.