Agenda and minutes

            Apologies for an inability to attend were received from Alderman Haire and Councillor Newton. 

            The minutes of the meeting of 13th October were taken as read and signed as correct.  It was reported that those minutes had been adopted by the Council at its meeting on 1st November.

            No declarations of interest were reported.

The schedule of meetings for 2023 was agreed as follows:

·        Thursday 12th January at 5.15 pm

·        Thursday 9th February at 5.15 pm

·        Thursday 9th March at 5.15 pm

·        Thursday 6th April at 5.15 pm

·        Thursday 8th June at 5.15 pm

·        Thursday 10th August at 5.15 pm

·        Thursday 14th September at 5.15 pm

·        Thursday 12th October at 5.15 pm

·        Thursday 9th November at 5.15 pm

·        Thursday 7th December at 5.15 pm

            The Chair welcomed Mr. Paul Gribben, Head of Digital Services to the Committee.  The Head of Digital Services opened his presentation by giving the Committee the background to cyber risk.  He said that BCC was facing a growing cyber threat that would have severe organisational impacts.  Due to fast changing network architectures, rise in flexible working, many more devices connecting outside corporate network, growing use of personal devices, growing use of Cloud services, increase in data sharing with other organisations, huge jumps in the number of phishing attempts and concentrated scans of our network.  He explained that cyber security was the Council’s most critical risk.  Consequently they had to become much more rigorous about the security controls they applied and there would be a greater role for Chief Officers and Elected Members around the ownership and accountability of this risk.

            He went on to outline a number of alarming facts as detailed below:

1.     The average time to identify a breach in 2020 was 207 days

2.     And the average lifecycle of a breach was 280 days from identification to containment – (Hackney Council - £12M – Data Leaked)

3.     The main attacks were – Ransomware; Phishing, 3rd Party Account Compromise, Denial of Service and mis-configuration

4.     Human intelligence was the best defence against phishing attacks

5.     95% of cybersecurity breaches were due to human error

6.     Over 77% of organisations didn’t have a Cyber Security Incident Response plan

7.     ***Total cost for cybercrime committed globally - $6 trillion 2021

            The Head of Digital Services went on to outline to the Committee the Cyber Security Strategy and approach in Belfast City Council and detailed the key controls used to mitigate the cyber risk.  He detailed the change that would be needed, the security decisions and actions and the security programme that would be undertaken in the coming years. 

            The Committee noted the contents of the presentation.