Wandsworth Council is under scrutiny after auditors revealed serious cybersecurity vulnerabilities and weak financial controls that could put taxpayer funds and personal information at risk.
The latest audit report [pdf] highlights gaps in the council’s ability to protect sensitive financial data, with key members of the audit committee raising concerns over the borough’s preparedness for cyber threats.
Cybersecurity Risks Raise Red Flags
The council’s cybersecurity defences were flagged as a high-risk area, with auditors identifying critical weaknesses in the protection of financial data and IT systems; systems that contain data of huge value which could put Wandsworth residents at risk from fraud and scams. The audit also highlighted as “high risk” key IT controls in business-critical areas.
When one councillor asked about a different risk area – information governance and security – and whether the review included cybersecurity they were told: “Not specifically, no.” This exchange raised concerns that cybersecurity is not being prioritised, despite growing threats to public sector institutions from hackers.
In September last year, Transport for London (TfL) suffered a cyber-attack that compromised the personal data of approximately 5,000 customers, including home addresses and bank account details.
Then in October 2024, the pro-Russian hacktivist group NoName057(16) targeted multiple UK local authorities with 13 local councils compromised, resulting in service disruptions for six councils.
These incidents underscore the critical need for UK local governments to strengthen their cybersecurity defenses to protect sensitive data and maintain public trust and led last year to the creation of a new “Change and Innovation” department within Wandsworth Council that is supposed to focus specifically on these issues.
Financial Controls Under Fire
In addition to cybersecurity gaps, auditors also raised concerns over the reliability of the council’s financial systems.
The report flagged weak audit trails and difficulties in tracking financial transactions, making it harder to detect fraud or misstatements. Auditors noted that “there remains a risk that material misstatements due to fraud or error may not be prevented or detected” .
The lack of oversight was further emphasised when it was revealed that “management override of controls remains a risk in the absence of a robust control environment” . These findings suggest that the council’s financial management lacks the necessary safeguards to prevent financial mismanagement or potential misconduct.
Calls for Immediate Action
With both cybersecurity and financial controls under scrutiny, auditors have urged the council to take swift action. The committee discussion made it clear that gaps remain in the council’s ability to respond to risks.
Recommendations include:
- Strengthening cybersecurity protocols to protect financial data.
- Implementing stricter audit trails to track financial transactions accurately.
- Ensuring stronger internal controls to mitigate the risk of fraud or financial errors.
As cyber threats and financial risks loom over Wandsworth Council, the borough faces increasing pressure to reinforce its security measures before a crisis unfolds.
