Being a victim of a cyber attack is never a comfortable feeling. However, when the attack is on a local authority and renders the IT infrastructure inoperable for a period of time, certain questions are bound to be asked.
One of our local authority clients faced this scenario in February 2020 and required a subsequent evaluation of the impact of the attack. Our Technology Consulting and Assurance team assessed whether they had made proper arrangements for securing the economy, efficiency and effectiveness of its resources, based on guidance and criteria provided by the National Audit Office (NAO).
As part of this evaluation, a Cyber Impact Assessment was undertaken to support the value for money (VFM) conclusion for the 2019/20 audit. The scope of the work was focused on answering three key questions as follows:
- Did the council have sufficient ‘arrangements’ in place to either prevent or reduce the likelihood of a cyber security breach?
- Has the council taken efficient and effective steps in recovering services as a result of the cyber security breach? And
- Has the council taken efficient and effective steps in implementing further controls to reduce the likelihood and impact of a future cyber security breach?
Our audit team carried out a detailed assessment to answer the three questions above. In the end, we were able to provide the client with independent assurance that the steps they had taken following the cyber attack were efficient and effective.
One of the key lessons from this cyberattack and those experienced by other similar organisations in the last 12 months is that it is not a case of if, but rather when an attack will occur in these organisations. As a result, public sector organisations are actively ensuring they have implemented incident response processes (to respond to a breach) and more recently, ensuring that they have offline backups to restore from.
If you would like to speak with a member of our Public and Social Sector team, please click the button below:
Contact Us Today