Published on 31 July 2025
A council experienced a cyber incident caused by a malicious actor, threatening the security and operation of key digital services. Immediate and expert intervention was critical to contain the threat and minimise operational disruption.
Under the LG Mutual Liability (LGM) cyber liability cover, the Council accessed the 24/7 Incident Response Manager (IRM) hotline. The IRM promptly engaged a forensic vendor to investigate the breach and evaluate its impacts.
Containment measures included taking the two affected servers offline and quarantining the environment to cut off the threat actor’s access. Given service disruptions, a communications plan was implemented to support stakeholders during the outage.
The forensic investigation confirmed data exfiltration from the Council’s service portal. Thanks to the cyber liability policy, the Council received comprehensive support covering technical containment, forensic analysis, legal advice, communications, and incident response services. Costs were managed under the policy terms, with only the excess payable by the Council.
With mandatory data breach reporting becoming law within the next 12 months, it is essential for councils to integrate their cyber liability policy details into incident response plans now. Immediate access to expert support can dramatically reduce the impact of cyber incidents.
LGMS members can access valuable resources, including cyber risk management guides, controls assessment tools, and upcoming playbooks via the LGMS Member Centre. These tools help councils strengthen cyber resilience and prepare for potential threats.
This incident underscores the critical importance of comprehensive cyber liability coverage combined with expert incident response. LGMS’s cyber liability program enabled the Council to act swiftly, contain the breach, and manage costs — a model for proactive cyber risk management in local government.