"The ransomware attack on Comhairle nan Eilean Siar, in Scotland's Western Isles, required "several" of its systems to be reconstructed, among other damage - especially to the authority's finance department."
"Systems for housing benefits, council tax, and non-domestic rates remain unrestored, with their large data volumes slowing the digital renovation, the audit noted."
"Weaknesses in IT infrastructure, governance, preparedness, and staff capacity were identified back in 2021/22 and had they been addressed sooner, the impact of the attack might have been reduced."
"As a matter of priority, realistic and achievable timelines should be set for all agreed audit recommendations which will support elected members to monitor delivery more effectively and focus on mitigating risks. This is important for any agreed recommendations in all councils."
Comhairle nan Eilean Siar suffered a ransomware attack in November 2023 that destroyed multiple systems, heavily affecting the finance department. Several systems required reconstruction and some remain unrestored two years later, including housing benefits, council tax, and non-domestic rates, with large data volumes slowing digital renovation. As of September 2025 only five of ten recommended cybersecurity measures have been implemented; testing of staff training, incident response plan validation, and full compliance with NCSC security principles remain outstanding. Weaknesses in IT infrastructure, governance, preparedness, and staff capacity were identified in 2021/22 and could have reduced the impact if addressed earlier. Many systems were locally hosted and backups were not robust enough to minimise damage.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]