Concerns are mounting that vital services in Gloucestershire’s Cheltenham Borough Council could be at risk of cyber attacks due to incomplete cyber security training among councillors. A recent freedom of information request revealed that only 20 out of 40 councillors have completed mandatory online cyber refresher training.
This shortfall has raised alarm, with councillors fearing a repeat of the severe ransomware attack Gloucester City Council endured in 2021. In that incident, Russian hackers infiltrated the system through a cleverly disguised email, crippling nearly every council system. The attack disrupted housing benefit claims, council tax payments, leisure centre bookings, and delayed house sales due to property search hold-ups. Recovery took years, and the council is still grappling with financial instability, partially attributed to accounting issues following the cyber breach.
Across Gloucestershire, councils report varied compliance rates for cyber security training. Cheltenham’s council officers show strong engagement with 90% completion, but elected members lag behind at just 50%. Cheltenham Borough Council insists it regularly offers training through online modules and in-person sessions, encouraging councillor participation.
READ MORE: Winning Lotto Numbers Tonight: Full National Lottery and Thunderball Results for Saturday, January 3, 2026
READ MORE: Newcastle Red Bulls Secure First Gallagher PREM Win in 399 Days with 25-19 Victory Over Gloucester Rugby
An anonymous councillor emphasized the critical importance of cyber security, stating, “Systems are only as strong as their weakest link. If councillors don’t undertake mandatory training, it leaves council systems vulnerable to attack.”
Other councils show better compliance: Tewkesbury Borough Council reports 98% of staff and 86% of councillors completed training, while Stroud District Council encourages annual courses for staff and agency members, with roughly 75% staff completion, though councillor figures weren’t disclosed. Gloucester City Council, post-attack, maintains robust IT security measures and regular training but has withheld specific participation rates citing law enforcement sensitivities.
Cotswold and Forest of Dean district councils report 94% staff training completion and have just launched refresher programmes for councillors. Gloucestershire County Council has yet to respond to a similar information request but is working to provide an update.
At the national level, the National Cyber Security Centre highlights ongoing cyber threats from state actors like China, Russia, Iran, and North Korea, urging all organisations to embed cyber security as a core element of operational resilience. Since 2020, the Ministry of Housing, Communities and Local Government has allocated £23 million in grants and technical assistance to local councils, delivering frameworks and incident response services to strengthen cyber readiness.
With critical local services depending on secure council systems, Cheltenham and other Gloucestershire councils face an urgent need to improve councillor engagement in cyber security training to avoid disruptive and costly cyber incidents.