Almost two-thirds (59%) of senior leaders at UK councils says their approach to cybersecurity is outdated and that they are unable to afford the cost of a security breach. That\u2019s according to new research by ERP SaaS provider TechnologyOne, who surveyed more than 500 senior managers at local authorities across the UK. The survey found that only a quarter ranked cybersecurity in their top three priorities whilst 26% acknowledged they have made \u201cno progress\u201d on upgrading cybersecurity.UK councils have been battling with increasing numbers of cyberattacks over the past few years. In 2020, both Redcar and Cleveland Council and Hackney Council faced ransomware attacks that had significant financial impacts on their services, resulting in \u00a310 million and \u00a312 million worth of damages, respectively. The following year, a similar attack hit Gloucester City Council, affecting benefit payments, planning applications, and electoral data. The estimated cost to taxpayers for the council to rebuild its servers stands at around \u00a3845,000. More recently, Sefton Council has said that it is fighting off over 30,000 cyberattacks a month, a rise of 50%. Meanwhile, a delay to critical IT updates has led Bristol City Council to acknowledge that it is facing an increased risk of cyberattacks. UK councils were hit by 10,000 cyberattacks every day in August 2022, a 14% rise from the previous year.Cyberattacks on councils are costly, pose a threat to democracyThe survey found a stark difference between the perception of councils and their residents, with 79% of residents believing that the online experience with their council is secure, while two-fifths of councils (38%) think the opposite. The councils falling behind most on cybersecurity are those in the South West, Yorkshire, North West, and Scotland, according to the research.Cyberattacks on councils are costly for taxpayers and pose a threat to democracy, so its key that the UK government provides funding to help local authorities invest in modern IT systems that act as a first line of defence against cybercriminals, said Leo Hanna, executive VP, TechnologyOne. \u201cThis includes helping councils to move away from legacy, on-premises systems and upgrading instead to cloud-based SaaS. Systems held together by gaffer tape and chewing gum still deliver mission-critical services at local authorities across the country, but they need to be urgently overhauled if they are to remain secure.Most councils would prefer to invest in quality teachers than frontline IT experts, Hanna admitted, but the reality is that the cost of an incident can be catastrophic and have lasting financial impact on a local community.Bringing local UK council cybersecurity up to speedThe UK government\u2019s National Cyber Strategy 2022 includes focus on making the public sector more resilient to external threats and bringing local council cybersecurity up to speed. \u201cOur focus is also on making the public sector more resilient, helping councils protect their systems and citizens\u2019 personal data from ransomware and other cyber-attacks,\u201d it reads. A key recommendation is increased investment to enable law enforcement to pursue investigations at scale and pace, as well as a major step up in data sharing between the government and industry.A whitepaper titled \u201cA Councillor\u2019s Guide to Cybersecurity\u201d sets out guidance for improving the security of local councils, outlining the threats they face and how they can be addressed.