ProLion sent the FoI request to each of London’s 32 borough councils plus the City of London in December 2021. Five councils (17 percent) refused to say whether or not they have in place a cyber insurance policy, citing Section 31 of the Freedom of Information Act which exempts the disclosure of information that could ‘prejudice the prevention or detection of crime’.
One council responded to say that the disclosure of information related to cyber insurance could lead to increased risk by encouraging an attack. Others said that disclosure of such information would give cybercriminals insight into possible vulnerabilities, or embolden them to attack those most at risk.
Eight borough councils (24 percent) were ambiguous or unclear in their response to the FoI request. Three borough councils did not respond to the request at all.
Steve Arlin, VP Sales, UK, Americas & APAC, ProLion, said: “Ransomware attacks have continued to rapidly grow both in frequency and sophistication. The situation demanded action a long time ago, and the issue is now so large that businesses can’t afford to be reactive in their approach to cybersecurity.”
He said organisations of all sizes and sectors are viable targets for opportunistic cybercriminals but the public sector is likely to hold more sensitive data, including Council Tax, medical records, and financial information. This might explain why they are a preferred target and more likely to pay any ransom demands.
The research also provided insights on councils’ approach to cybersecurity. Responding to the freedom of information request, a representative for one council explained, “We have discovered the cyber insurance market remains very challenging and therefore difficult to obtain competitive quotations, we are currently looking at both insurance and a cyber consultancy review, including self-assessments as a solution to our cyber risks.”
Arlin said: “It’s no secret that a rise in ransomware attacks has brought on an increase in the price of cyber insurance in recent years. In fact, Sophos’ 2021 Guide to Cyber Insurance revealed that the average cost of cyber insurance has increased by 32 per cent. The cyber insurance market is evolving at an extraordinary speed to keep pace with the growing volume and developing sophistication of attacks.”