Cyber security – 10 questions for a councillor (and any layperson) to ask

The LGA Cyber, Digital and Technology team have developed a list of 10 questions that you can use to better understand cyber security arrangements and how risk is being managed within your council.  



  • How does my council understand, assess, manage, and remediate cyber-risk and what testing regimes, policies, processes and tools do we use?
  • Do my council’s decision makers and scrutineers have the knowledge and information they need to make/scrutinize decisions relating to cyber-risk?
  • How do officers back up council data – is this secure, offline and regularly tested?
  • Are staff given training on their role in reducing cyber-risk? Is cyber security understood as a whole workforce issue?
  • Do members receive regular cyber security updates – including on threats, incidents and near misses?
  • How does my council use the National Cyber Security Centre’s tools and services?
  • What are the response, recovery and continuity plans for cyber incidents? Are they exercised and tested?
  • How would we deliver services if, following a cyber-incident, we had no access to IT?
  • What are we doing to understand and manage cyber security risk within the supply chain?
  • How well connected is my council with others from whom it may learn, or who may support it in the event of an attack?

For further information or support, please email LGAcybersecurity@local.gov.uk