SOME Dorset Council staff are putting the authority at risk of cyber attack by not undertaking mandatory training.

Significant numbers of staff have not completed training on cyber security and data protection.

Independent advisor Simon Roche told councillors that the training is mandatory and suggests that staff not completing courses should be penalised.

He has also called for mandatory training to be extended for staff involved in key areas of council work where fraud could be an issue.

Service manager Marc Eyres admits the authority has had 'a challenge' with getting staff to fully comply with the training it offers – which, he said, will be one of the topics at a senior management team meeting next month.

Figures provided for a council audit and governance committee on Monday evening show that around thirty per cent have not completed some mandatory training, including cyber security.

The figure comes as data shows that cyber attacks on councils are known to have increased by 24 per cent between 2022 and 2023, with evidence that the figure is continuing to accelerate – classified as "extreme risk" in the council's risk register.

Said Mr Eyre in a report to the committee: "Cyber security training is mandatory for all officers and councillors, and is delivered via small bitesize modules to ensure that the content remains relevant to the most current threats. At the time of writing this report whole authority compliance is at 73%."

His report also tells councillors that the authority does not have some measures in place, which it could have, to reduce further the likelihood and impact of a successful attack.

Concerns have also been raised over data breaches by council staff – up from 295 incidents in 2022 to 376 in 2023, three quarters of the cases relating to email.

Many to these involve emails going to the wrong people; too many people being included; cases of personal data being wrongly shared and the wrong attachment being added.

As with cyber security data protection is also a mandatory training area – where 84% of staff have taken the training.

Cllr Jill Haynes, the previous portfolio holder, said she was concerned that mandatory training was not being undertaken, reminding the committee that it only took one person to make a mistake for the council's security to be breached.

Committee chairman Cllr Gary Suttle said he expects to see improvements, warning that it could get tougher for those who don't do what they are supposed to.