Fears vital services could be at risk in Cheltenham as half of councillors not keeping up with cyber security training
Gloucester City Council's systems were compromised by a ransomware attack back in 2021.
There are serious concerns vital council services in Gloucestershire could be disrupted once again by hackers because councillors are not keeping up with their cyber security training.
A recent freedom of information request has revealed that only 20 of Cheltenham Borough Council’s 40 councillors had completed their online cyber refresher training.
This has sparked alarm among councillors who fear such a weakness in their cyber security defences could lead to another devastating situation like Gloucester City Council suffered in 2021.
The authority’s systems were compromised by a ransomware attack when Russian hackers sent an e-mail designed to look like part of a conversation, which released malicious software and made almost every council system inaccessible.
This disrupted housing benefit claims, council tax payments, leisure centre bookings and caused havoc with house sales in the city with delays to property searches.
It took years for the council to fully recover and it is now at risk of bankruptcy with the discovery of overspends council leaders say are due to poor accountancy practices after the cyber attack.
Councils across Gloucestershire were asked by the Local Democracy Reporting Service how often their staff and councillors undertake cyber security training.
Cheltenham Borough Council, who so far are among only two of the authorities to make the information on councillor uptake public, said only 50 per cent of their elected members have completed their online cyber refresher training.
However, the figures were much better for council officers with 90 per cent having completed their training.
The council says it offers cyber security training on a regular basis and councillors are encouraged to complete it both through online modules and in-person member development sessions.
A councillor, who did not wish to be named, said cyber security is extremely important to keep council systems safe.
“Systems are only as strong as their weakest link,” they said.
“If the weakest link are councillors that don’t undertake mandatory training, that’s not acceptable."
“And it leaves council systems open to penetration.”
Tewkesbury Borough Council, which had a cyber scare of its own in 2024, has an even better compliance rate for staff with 98 per cent having completed it in the last financial year.