Local governments face a variety of cybersecurity challenges in their supply chains, covering a wide range of spend categories and suppliers. Challenges faced by councils are growing more acute due to the increased focus on digital public and corporate services offered by councils, as well as the changing nature of cyber threats and general international climate. 

This risk has already been felt directly by a number of councils. For example, the Redcar & Cleveland Council cyber attack in 2020 left about 135,000 people without online access to public services, and a later independent financial impact assessment estimated the cost of this single incident at £8.7m. This example was found to be a ransomware attack. Ransomware attacks, like many other cyber threats, can exploit vulnerabilities in both an organisation's IT systems, but also in that organisation's supply chain. 

The ‘Embedding Cyber Resilience in Local Government Supply Chains’ project was run by PUBLIC on behalf of the Local Government Association (LGA), in partnership with Daintta, to explicitly address these concerns and proactively address vulnerabilities by embedding cyber resilience within local government supply chains.

The project aimed to promote practical cyber security awareness and understanding of the risks that supply chains pose to local councils. Once understood, the project sought to mitigate identified risks, establish control of councils’ supply chains, and drive a culture of secure procurement and cyber resilience. We provided guidance and tools to support local councils to ensure that their supply chains are resilient to emerging cyber threats. 

With a variety of different council types, influenced by size, geographic location and levels of cybersecurity maturity, the first step in such a project was to understand the stakeholder landscape. In order for all materials produced to be as targeted and relevant as possible, we conducted an in-depth user research process incorporating stakeholder interviews, focus groups, and survey data to inform the development of learning materials. 

We drew upon expertise from our in-house design, learning programmes, external affairs & communications teams to develop learning resources that are evidence-informed in their learning methodologies, and have rich, engaging content. Our best practices were employed in conjunction with insights from user research to develop webinars, guides, and learning materials to promote cyber resilience. 

As cyber attacks become more sophisticated and targeted, it has never been more important to ensure that councils are properly protected. The work that we have done with the LGA will make these resources available to over 339 different English and 22 Welsh councils. 

This project is focused on achieving cultural change that enables professionals to make better security decisions. Bearing that goal in mind, content was developed and delivered with accessibility and access at the forefront so that it is valuable to everyone across levels of cybersecurity maturity and understanding.