Cyber security strengthened at council
A DEVASTATING cyber attack on a Scottish local authority has prompted Dumfries and Galloway Council to strengthen its online defences.
Cyber security and IT leaders at the council have learned lessons from a shock ransomware attack in 2023 that crippled the Western Isles Council.
The attack impacted most of the services there, bringing its financial systems to a standstill, and the council is still counting the cost.
A report going before Dumfries and Galloway Council’s audit, risk and scrutiny committee next Thursday outlines the steps being taken locally to prevent a similar disaster.
Audit Scotland produced a detailed guide after investigating the events. It explained that critical records, including accounting data, were lost, staff were stretched to breaking point, and the council is still working through the backlog.
The direct costs of the attack have been estimated at around £950,000, with an additional £300,000 in ongoing recurring expenditure to rebuild systems.
Audit Scotland’s review identified four key areas of vulnerability: IT infrastructure, preparedness and testing, staff training, and IT team capacity. The watchdog was clear that the lessons were relevant to all Scottish councils.
Kris Edgar, Dumfries and Galloway Council’s cyber security and ICT lead, has set out how the local authority here is addressing each of those areas. His report states: “Cyber security incidents continue to pose a significant and growing risk to public sector organisations.
“While the circumstances of each council differ, Audit Scotland has been clear the findings from this incident are relevant across the sector.
“No organisation is immune, but preparation, testing, and governance can materially reduce the impact of an incident and improve recovery outcomes.”
DG council has completed a programme to shift key systems away from locally hosted servers and into the cloud.
There has been investment in backups and recovery arrangements, while disaster recovery plans are to be fully tested in the coming months.
Staff training is also being overhauled, with “updated cyber awareness and social engineering training for all”.
Mr Edgar’s report added: “Lessons around staff pressure and wellbeing during cyber incidents have been highlighted and are being factored into our preparedness planning.”





