mywelshpool logo
jobs page link image
follow us on facebook  follow us on twitter
Sunday
22  June
top news stories of the past week
“Victory for common sense” as speed limit finally done! Charlies to open new store Entertainment revealed for Welshpool Carnival Bridge collision impacts Welshpool train services today Kelly’s mission continues to clean-up Welshpool
supported by derwas

Council says it is prepared for a cyber attack

 
21/06/2025 @ 11:45

Powys Council chiefs are confident that the new information technology they are now using will protect the authority against cyberattacks.

At a meeting of the Governance and Audit Committee on Friday, councillors and lay members received a report on the council’s strategic risk register for the last quarter of 2024/2025 (January to the end of March).

The report says that the digital services department want to de-escalate the risk that the council’s: “information and systems will be vulnerable to a cyberattack” from phishing emails.

If senior councillors agree to this, the risk will drop down to be managed by a departmental risk register.

Welshpool's Cllr Graham Breeze (Powys Independents) said: “This concerns me, I’m really uncomfortable that we’re asking for this to be de-escalated.

“The current situation we live in, worldwide massive organisations such as Marks and Spencer have come under a huge attack which has cost that company over £300 million to date.

“I’m interested to know how we feel so confident that we have control over this that we can de-escalate a risk I would consider to be one of the biggest we have as an authority.

“The sheer significance of this authority being hit by a cyberattack is unthinkable.”

He wanted to be convinced that the council had a “super system” to defend it from cyberattack.

Head of digital services Ellen Sullivan said: “The risk remains high, what is reduced is threat.

“We’ve actually purchased and deployed extra phishing software, so we have that across all our systems that detects any phishing concerns.”

She added that extra “phishing training” for staff had also been rolled out by the council.

This means that “fake emails” are sent out to test whether staff each month.

Ms Sullivan explained that staff who click on the fake emails would then be given “refresher training.”

Cllr Chris Walsh (Labour) said: “Cyber criminals will change their behaviour and tactics on a regular basis, it’s not a stationary situation, it’s an evolving one.

“Reducing it feels slightly complacent.”

Cabinet member for customers, digital and community services, Cllr Raiff Devlin (Liberal Democrat) said: “There is no complacency here whatsoever.

“The council has invested significantly into its cyber defence.

“While members are absolutely correct to point out it’s a dynamic environment, the key to maintaining our defence is our ongoing investment and there is a commitment by the cabinet to do just that.

“So, I feel that we are managing this risk appropriately and I’m reassured that the department has what it needs in place to do that.”

The report will go in front of the Liberal Democrat/Labour cabinet for a decision next month. 

By Elgan Hearn, Local Democracy Reporting Service