MEMBERS of a council have heaped more criticism on the Government and their own executive over a disastrous cyber attack, which downed computer systems and forced the council’s website offline.

The council’s resources scrutiny committee set up a ‘task and finish’ group to investigate the response to the cyber attack in February 2020, which happened when malware was accidentally downloaded onto a council laptop via a suspect e-mail attachment, and the implications for the council and the support promised by the Government.

Presenting their report, the group’s chairman Councillor Philip Thomson said it had transpired that the council’s security measures – while in accordance with national guidelines and deemed to be acceptable – had in fact been totally inadequate.

He said while the council was not at fault for the attack, it needed to consider whether more resources should be allocated to IT security – £60,000 extra annually now having been allocated to the cyber security budget from its coffers.

Cllr Thomson also said: “In terms of negotiating with the Government we felt the council should have done better.

“The executive should have realised earlier that a more robust negotiating position should have taken place, possibly with more public exposure of the issues, although it is easy in retrospect to say this."

“We also feel that the executive was misled by the Government from the outset in understanding the level and timescale with regards to financial support.

“The Government said the focus should be on the speed of recovery with costs to be discussed at a later date.

“While an open cheque book was not promised by any means, this authority was given confidence that legitimate expenditure would be fully recompensed.”

The council initially put the costs of the attack at £16.4m – described as a “guess-estimate” by Cllr Thomson – but this was later revised down to £10.1m and further still to £8.7m following a financial impact assessment.

Cllr Thomson claimed the “goalposts had been changed” in respect of Government support with the eventual £3.68m grant being announced in April this year a “substantial reduction” on what members understood would be forthcoming.

He said initial discussions were based on the Government’s schedules of ‘managing public money’ process, but by December of last year the Government decided without warning, and following several months of due diligence work that had taken place, that any money to be paid would be under another process of providing exceptional financial support.

This reduced the items eligible for funding and also came with strict conditions.

The report stated that “from the outset of the cyber attack the Secretary of State for Housing, Communities and Local Government had told the council executive that the Government would take responsibility for the costs arising from the cyber attack”..

A spokesman said: “We have given Redcar and Cleveland council £3.6m in additional support in the wake of the cyber-attack they suffered, as well as offering an extra £1.2m in capital flexibility.

“The funding covered new IT equipment to return the council’s operations to a steady state as well as staffing and social care costs arising from the cyber attack.”

The council never paid any money to the cyber attackers who had demanded a ransom after seizing control of its computer systems.

It has also never divulged whether any disciplinary action was taken against the individual who accessed the suspect e-mail attachment.

A National Crime Agency investigation has been taking place into the incident, but no-one publicly has ever been brought to book with the cyber attackers almost certainly originating from overseas.

The scrutiny committee endorsed the report which will be presented to the council’s cabinet at its meeting in December.

Keep up to date with all the latest news on our website, or follow us on Facebook, Twitter and Instagram.

You can also follow our dedicated Teesside Facebook page for all the latest in the area by clicking here.

For all the top news updates from right across the region straight to your inbox, sign up to our newsletter here.

Have you got a story for us? Contact our newsdesk on or contact 01325 505054