At least one in four councils had experienced a cybersecurity incident over the same five year period, Big Brother Watch found through freedom of information requests.
“While some councils have taken measures to face the ever growing threat from cyberattacks, especially the areas of staff training and reporting of successful cyberattacks need urgent attention,” the report, released on Tuesday concluded.
Of the 395 local authorities that responded to the FOIs, the worst hit councils included Durham, which suffered approximately 1.3 million cyberattacks per month, and Gateshead, which recorded 65,000 per month.
The data revealed 29% of the councils experienced a ‘cyber security incident’ between 2013 and 2017.
Also, 25 councils experienced one or more ‘cyber security incidents’ that resulted in the loss or breach of data.
The report also found 297 authorities did not provide mandatory cyber security training, and 62 do not provide any training at all.
Moreover, 56% of council’s who experienced a loss or breach of data did not report it.
Jennifer Krueckeberg, lead researcher at Big Brother Watch, said: “We are shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security.
“Local authorities need to take urgent action and make sure they fulfil their responsibilities to protect citizens.”
Pat Walshe, director of data protection consultancy Privacy Matters, said: “The report reveals inconsistent approaches to safeguarding personal and sensitive data held by local authorities.
“It will be important that local authorities receive appropriate support moving forward.”
An LGA spokesperson said: “Very few of these attacks actually manage to breach the firewalls or scanning systems in place, and councils are working closely with the national cyber security centre to make sure that their systems and processes are as robust and resilient as possible.
“Councils will undertake whatever measures are necessary to keep residents’ data safe and the LGA has been helping councils adopt “secure by design” approaches to new systems and services.”
PF recently examined what local authorities are doing to protect themselves against cybersecurity threats.
Responses from freedom of information requests to councils in England found spend on cybersecurity had gone up.