Supporting local government to reduce cyber risk through targeted interventions

The cyber threat to local government is real, increasing, and constantly evolving. Attacks can disrupt essential services, damage public trust and cause significant financial losses. We’ve seen this first-hand with ransomware attacks targeting councils such as Hackney, Gloucester, and Redcar and Cleveland.   

In response, MHCLG’s Local Digital team has been helping councils to build their cyber resilience through: 

the Cyber Support programme, which has provided £19.9 million in funding to 192 councils  the Cyber Assessment Framework (CAF) for local government, which launched in October 2024 to help councils assess and improve their cyber resilience 

Four years into the Cyber Support programme, we’re sharing insights on the impact of our cyber work. These are drawn from early findings of the independent evaluation of the Local Digital programme.  

We’ll also share how we plan to gather further insights on sector risk to inform the future of our cyber support. 

Where we’re seeing real improvements 

As well as funding, the Cyber Support programme provided participating councils with: 

targeted treatment plans  access to expert advice and cyber clinics   regular vulnerability scans  

These focused on actions that can have the most impact on reducing the threat of ransomware attacks. 

Results from the independent evaluation show that this support has had a major impact on councils. The programme has resulted in real, measurable improvements to sector-wide cyber resilience and direct financial benefits, with high satisfaction rates across participating councils.   

Between 2020 and February 2025, the programme contributed to: 

an 83% reduction in initial risk across all focus areas  an 82% improvement in backup resilience, critical for recovery from cyber incidents  annual savings of around £11 million across the sector, thanks to reduced risk 

While the evaluation highlights progress, it revealed some wider sector challenges. These include: 

attracting cyber talent – councils continue to face staffing pressures, with limited budgets, increased workloads, and difficultly competing with private sector salaries. Many are relying on upskilling existing teams or bringing in interns, but this takes time to deliver results  creating a positive culture of cyber security – organisational buy-in for cyber security remains inconsistent. While some leaders are engaged following major attacks, broader awareness and training are often underfunded or outside the scope of cyber plans   procuring affordable out-of-hours cyber capabilities – logging and monitoring remains a weak spot within the sector, with councils struggling to find cost-effective, out-of-hours solutions. Many end up managing this in-house, which can delay responses and reduce resilience 

What’s next for our cyber support 

The evaluation has shown us that targeted, tailored support works. It’s helped improve our understanding of the sector’s cyber needs and gaps, which will help us to develop our support offer.  

It’s also revealed where a different approach may be needed. We’re now exploring how we can utilise the value of sharing cyber security data, expertise and capabilities across the sector through our Defend as One pilots.  

Help us shape the future of our support 

To continue improving our offer, we need a deeper understanding of risk across the sector. 

By completing the CAF for local government and submitting your progress to MHCLG, you can help us build that picture. Over 200 councils have completed the Get CAF Ready programme, and many have started their CAF self-assessment. 

Visit our CAF for local government webpage to learn more and subscribe to our CAF newsletter for the latest updates on the service. 

Learn more 

To hear more about Local Digital’s work: 

connect with us on LinkedIn  subscribe to our newsletter  follow us on X (Twitter)