
Cyber-attacks are becoming more frequent and members are encouraged to use both risk financing (protections) and risk management to tackle cyber-vulnerabilities. A proactive approach to cyber resilience can defend LGIS members against many types of cyber-attacks, avoiding downtime and the effort involved in recouping potential losses.
Where mitigation programs fail, that's when protection steps in. Scheme protections are in place to provide cover in the event of a cyber-attack. However, members are encouraged to use all options available to mitigate cyber-risks rather than depending on scheme protections for recovery, as there are limits to the protections available for members.
In addition, a proactive risk approach will allow LGIS members to get the most out of their protections.
In the recent Australian People Risk report 2022 by Marsh, cyber-security and data privacy was ranked as the risk likely to have the most severe impact on businesses in the next one to three years.
A recent phishing attempt on one of our local government members highlights the potential severity of such attacks.
LGIS members attacked in 2022 - the incident
A WA regional local government recently fell victim to a social engineering fraud scheme leading to a financial loss of over $1 million. The employees received a phishing email, which looked like it was from one of their service providers. Opening a document attached to that email subsequently gave the hackers access to their supplier list. The hackers then deceived those staff members into changing the payment information for a supplier within the financial system to a non-legitimate bank account, which resulted in payments being made to an unintended party.
Resilience is key to reducing cyber risks
Unfortunately, local government's commitment to transparency by publishing creditor information on their websites also increases their vulnerability to social engineering attacks.
Strengthening the cyber setup is key to reducing online financial fraud. Here are a few tips:
- A system should be established to ensure that changes to contact and bank information are made only after human intervention and verification.
- Spam and message scanning services for email and SMS are a great way to filter suspicious content.
- Employees should be made aware not to open attachments and links received from unrecognised sources.
- A multi-factor authentication system is a must to help protect crucial information.
- Updating anti-malware software on a regular basis can also prevent social engineering attacks.
LGIS' cyber-risk program
LGIS is piloting a cyber-risk program in 2022 designed to help members better understand their exposure to cyber fraud and develop targeted plans to address it. The program's key objective is to gather information on how our members currently manage cyber-risks, giving due consideration to concerns around issues like obsolete software, ransomware management processes and cost of recovery for back-up technology.
For support on improving your local government's cyber-security practices, contact your account manager.