Concerns are mounting in Gloucestershire as half of Cheltenham Borough Council’s councillors have not completed mandatory cyber security refresher training, putting critical council services at risk of cyber attacks. A recent freedom of information request revealed only 20 out of 40 councillors have undertaken the online training, sparking alarm among officials wary of a repeat of devastating ransomware attacks seen at Gloucester City Council in 2021.
In that attack, Russian hackers deployed malicious software through deceptive emails, crippling nearly every council system. Essential services including housing benefit claims, council tax payments, leisure center bookings, and property searches were severely disrupted, with recovery taking years. Financial fallout from overspending linked to poor accounting practices following the hack has pushed Gloucester City Council toward bankruptcy.
While Cheltenham officers show strong compliance—90% have completed cyber training—the 50% uptake among councillors reveals a significant vulnerability. The council regularly offers training through both online modules and in-person sessions, but some elected members lag behind. An anonymous councillor warned, “Systems are only as strong as their weakest link. If councillors don’t complete mandatory training, it exposes council systems to attack risks.”
READ MORE: Discover the ‘Magical’ Woodlands Near Gloucestershire Perfect for Winter Walks
Across Gloucestershire, trends vary. Tewkesbury Borough Council boasts high staff training completion at 98% and 86% among councillors, with annual sessions offered. Stroud District Council requires yearly training for staff and agency workers, achieving nearly 75% completion, and provides cyber briefings for elected members during induction.
Gloucester City Council, while maintaining robust IT security post-attack, declined to disclose training completion rates citing law enforcement concerns. Cotswold and Forest of Dean District Councils report 94% officer compliance and have recently started annual cyber refresher courses for councillors.
Gloucestershire County Council has yet to respond to information requests on training completion but is actively working on the response.
The UK’s National Cyber Security Centre underscores the ongoing threat from state actors such as China, Russia, Iran, and North Korea in its 2025 cyber threat review. It stresses that all organizations—and especially public sector bodies—must prioritize cyber resilience to protect operations.
Supporting local councils, the Ministry of Housing, Communities and Local Government has allocated £23 million since 2020 toward cyber grant funding and technical aid. Initiatives include the Cyber Assessment Framework setting cyber security standards for local government and a Cyber Incident Response service to help councils swiftly manage severe cyber incidents.
As cyber threats escalate, Cheltenham Borough Council’s vulnerability highlights the urgent need for councillors to fully engage with training and fortify the frontline defense of public services.