The recently launched review of the Local Digital programme is to include the development of a model for local authorities to quantify the costs of cyber risk, one of the leaders of the project has said.
Johnny Hugill, deputy director at technology consultancy public, told UKAuthority that this reflects a prime purpose of the programme – which was announced last month – in understanding the impact of the local government digital and cyber projects supported by the Department for Levelling Up, Housing and Communities (DLUHC).
Public is working on the programme with data and cyber security consultancy Daintta and the Society of Innovation, Technology and Modernisation (Socitm).
“One of the main things we want to do is build a model to show how much cyber risk costs for a council, and if you take steps to prevent the risk how much money you save,” Hugill said.
“We’re trying to produce a model for how much you invest in cyber and how much it ultimately saves you. We’re going to be developing that over the next few months.”
While the whole evaluation programme is set to run for two years, Hugill said the team hopes an initial model will be made available during the process then further developed.
Translating to savings
Hugill added: “We want to provide a model that can quantify what the cost of a cyber breach could be for a council, and therefore can quantify if they take steps to improve their cyber posture, what that translates to in terms of savings for the council.
“It’s a tough thing to do but we’re going to be doing it in partnership with some cyber vendors, councils and other parts of government.”
James Saye, senior manager of Daintta, said the model could help to impress senior leaders with the importance of investment in cyber resilience.
“It’s really helpful when you put pound signs in front of figures,” he said. “Executives’ ears start to prick up. But it’s a difficult thing to do, to show if you get this type of attack this is how much it is going to cost you.”
Length and complexity
They said the two-year process for evaluating the whole programme reflects the length and complexity of many of the projects involved, and the need for DLUHC to sign it off in line with the requirements of HM Treasury for a robust financial assessment.
“It’s always really tricky when you do an evaluation with councils, because we have to get data from them, have to run surveys,” Hugill said.
“We thought we could do this differently through being able to do it in partnership with the sector, and maybe make it feel less like a formal, stuffy process and more helpful to people.
“So we’re really focused on pulling out stuff like the lessons they can learn from each other. Lots of councils will hear about great projects and we want to say what has worked, how they have improved services and the user experience, and how much money has been saved.”
Detail on timings of the project revised on 23 June based on further information
