Decision Maker: Audit, Risk and Governance Committee

Outcome: Recommendations Approved

Is Key Decision?: No

Is Callable In?: No

Date of Decision: January 27, 2025

Purpose: This report provides an overview of the improvements in cyber security across the organisation and is presented to this committee to provide a progress update requested during the last meeting on 29 January 2024. Cyber remains one the council’s most significant risks with cyber-attacks across the public sector growing in frequency, sophistication and impact. In July 2024 LCC fell victim to a high-risk cyber-attack and this has led to even further improvements to the security controls in place. These newly introduced capabilities are helping to manage the current level of cyber risk, outlined in the Corporate Risk and Opportunity Register, and this has led to a reduction in the risk rating from Red to Amber. The council uses a Microsoft Secure Score to assess its security posture. The score is currently 67% and improving every month, compared to 48% for organisations of a similar size. Recommendation The Audit, Risk and Governance Committee is asked to consider and comment on the progress to date.

Content: