The cyber threat to local government is real, increasing, and constantly evolving. Attacks can disrupt essential services, damage public trust and cause significant financial losses. We’ve seen this first-hand with ransomware attacks targeting councils such as Hackney, Gloucester, and Redcar and Cleveland.
In response, MHCLG’s Local Digital team has been helping councils to build their cyber resilience through:
- the Cyber Support programme, which has provided £19.9 million in funding to 192 councils
- the Cyber Assessment Framework (CAF) for local government, which launched in October 2024 to help councils assess and improve their cyber resilience
Four years into the Cyber Support programme, we’re sharing insights on the impact of our cyber work. These are drawn from early findings of the independent evaluation of the Local Digital programme.
We’ll also share how we plan to gather further insights on sector risk to inform the future of our cyber support.
Where we’re seeing real improvements
As well as funding, the Cyber Support programme provided participating councils with:
- targeted treatment plans
- access to expert advice and cyber clinics
- regular vulnerability scans
These focused on actions that can have the most impact on reducing the threat of ransomware attacks.
Results from the independent evaluation show that this support has had a major impact on councils. The programme has resulted in real, measurable improvements to sector-wide cyber resilience and direct financial benefits, with high satisfaction rates across participating councils.
Between 2020 and February 2025, the programme contributed to:
- an 83% reduction in initial risk across all focus areas
- an 82% improvement in backup resilience, critical for recovery from cyber incidents
- annual savings of around £11 million across the sector, thanks to reduced risk
While the evaluation highlights progress, it revealed some wider sector challenges. These include:
- attracting cyber talent – councils continue to face staffing pressures, with limited budgets, increased workloads, and difficultly competing with private sector salaries. Many are relying on upskilling existing teams or bringing in interns, but this takes time to deliver results
- creating a positive culture of cyber security – organisational buy-in for cyber security remains inconsistent. While some leaders are engaged following major attacks, broader awareness and training are often underfunded or outside the scope of cyber plans
- procuring affordable out-of-hours cyber capabilities – logging and monitoring remains a weak spot within the sector, with councils struggling to find cost-effective, out-of-hours solutions. Many end up managing this in-house, which can delay responses and reduce resilience
What’s next for our cyber support
The evaluation has shown us that targeted, tailored support works. It’s helped improve our understanding of the sector’s cyber needs and gaps, which will help us to develop our support offer.
It’s also revealed where a different approach may be needed. We’re now exploring how we can utilise the value of sharing cyber security data, expertise and capabilities across the sector through our Defend as One pilots.
Help us shape the future of our support
To continue improving our offer, we need a deeper understanding of risk across the sector.
By completing the CAF for local government and submitting your progress to MHCLG, you can help us build that picture. Over 200 councils have completed the Get CAF Ready programme, and many have started their CAF self-assessment.
Visit our CAF for local government webpage to learn more and subscribe to our CAF newsletter for the latest updates on the service.
Learn more
To hear more about Local Digital’s work:
1 comment
Comment by David Moss posted on
Local Digital published a blog post on 23 April 2025 'Exploring approaches for using GOV.UK One Login in local government: join our discovery'.
29 April 2025, Computer Weekly magazine published 'Gov.uk One Login yet to meet government cyber security standards for critical public services', which includes this:
QUOTE
One Login was recently assessed as part of a GovAssure review, which found that in the space of a year, the GDS digital identity team had moved from meeting only five of the 39 CAF outcomes to 21.
UNQUOTE
Local Digital's post above is a sensible attempt to increase local authority resilience to cyber attack.
It may turn out that keeping well away from GOV.UK One Login is advisable.