Working with elected members is vital, says new LGA guidance.
Cyber attacks have a devastating impact on councils and their local communities; they interrupt the delivery of vital local services, risk eroding public trust, and are expensive to recover from.
While there are comprehensive frameworks and guidance available, local government officers have told the LGA they were missing something more immediate – practical, accessible support suitable for non-technical staff, something officers could turn to in the middle of a crisis, especially when access to systems might be limited.
The LGA has set out to fill that gap with our ‘Cyber incident grab bag’ – a tool designed to support councils through the early stages of responding to a serious cyber incident. The guidance helps councils to anticipate the likely challenges they will face, find support and authoritative information, and chart their course through to a sustainable recovery.
It does not replace a council’s existing business continuity, disaster recovery and emergency plans, but aims to support them, by empowering officers to act more confidently in those critical initial moments of a cyber incident.
The grab bag helps officers make decisions quickly, work as a team and avoid missteps when pressure is high and information is limited, aiming to complement existing support, such as the National Cyber Security Centre’s Cyber Assessment Framework.
Developed with consultants Public Digital, whose team brought direct experience of navigating major council cyber incidents, the grab bag also draws on expertise, experience and learnings from across the sector and government partners.
It sets out four key early stages to incident response, starting with identifying the incident and taking first steps, and moving to building confidence and designing your recovery path.
Across these four stages, the guidance focuses on areas that councils told us they struggle with, summarised in seven core ‘themes’. These include ‘healthy teaming’ to support staff wellbeing under intense stress, and practical steps for protecting data.
‘Members are likely to be under lots of pressure from residents looking to them for reassurance’
Another theme highlights how working with elected members is a vital part of a council’s response to a cyber incident.
Members are likely to be under lots of pressure from residents, who will be looking to them for reassurance on service impacts, continuity and recovery of services, and other concerns, such as the safety of their personal data.
By engaging well with councillors and supporting them in their important role as representatives of local communities, officers can equip them to achieve the swiftest and safest recovery possible.
Members may also be asked to respond to media coverage – so should be included in communications strategies – and need to be aware of the continued risks posed by hackers.
Member casework is also likely to be affected, with increased levels of contact from residents if council services are hit badly. Preparing for this, and monitoring casework to ensure responses are being managed effectively, will help to sustain confidence in the response and recovery work.
The grab bag is free to access via the LGA website. It has been built to be used, shared and adapted, and will be regularly updated as more guidance, support, learning and user feedback become available.
While no single resource is a complete solution, we believe this collaborative, comprehensive and organisation-wide tool is a vital step in strengthening local government’s collective resilience against cyber threats.
- The ‘Cyber incident grab bag for local authorities’ is available for free on our website. For more information, or to feed back on this tool, please email cyberanddigital@local.gov.uk