Backup and Disaster Recovery for Councils: Recovering from Ransomware Without Paying

Hackney Council took approximately two years to fully recover from the 2020 Pysa ransomware attack. Redcar and Cleveland's recovery cost an estimated £11 million. In both cases, inadequate backup and disaster recovery capabilities turned a cyber incident into a multi-year operational crisis. Councils with tested, immutable backups recover from ransomware in days — not years.

What Makes Council Backups Ransomware-Proof

Standard backups are vulnerable to ransomware — attackers specifically target and encrypt backup systems before deploying ransomware on production systems. Resilient council backups must be:

  • Immutable — backups that cannot be modified or deleted for a defined retention period
  • Air-gapped or offline — backups not accessible from the council network during normal operations
  • Encrypted — backup data protected against theft and disclosure
  • Geographically separated — offsite backups that survive a physical disaster at the council's primary location
  • Tested — recovery procedures verified regularly, not just assumed to work

Recovery Time and Recovery Point Objectives

Every council should define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for critical systems. RTO defines how quickly a system must be restored; RPO defines how much data loss is acceptable. For critical systems like revenues and benefits, RTOs of hours rather than days are typically required to maintain essential services to residents.

Testing Council Disaster Recovery

Backup systems that have never been tested are assumptions, not resilience. Councils should conduct regular recovery tests — restoring systems from backup in a test environment — at least annually for critical systems. Tabletop exercises that simulate a ransomware incident should be part of the council's incident response programme.

Frequently Asked Questions

What is the 3-2-1 backup rule and does it apply to councils?

The 3-2-1 rule recommends three copies of data, on two different media types, with one copy offsite. For councils, this means: primary data on council systems, backup on separate storage (NAS or cloud), and offsite backup either physically removed or in a separate cloud region. Critically, at least one copy should be immutable — unable to be modified by ransomware.

How often should councils test their disaster recovery procedures?

NCSC guidance recommends testing recovery from backup at least annually for all critical systems. Many councils test quarterly for their most critical systems. Tests should cover the full restoration process — not just checking that backups exist, but actually restoring systems in a test environment and verifying that applications function correctly after restoration.
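
The properties and the 3-2-1 rule described above, together with the RPO and annual restore-test requirements, can be checked automatically against a backup inventory. The following is an added example, not part of the original article; the `Copy` fields, the `audit` function and the two inventories are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Copy:
    media: str                      # e.g. "disk", "nas", "cloud-object"
    primary: bool = False           # True for the live production data
    offsite: bool = False
    immutable: bool = False
    encrypted: bool = False
    age_hours: float = 0.0          # age of the newest restore point
    last_restore_test: Optional[date] = None

def audit(copies, rpo_hours, today, max_test_age_days=365):
    """Return the list of failed checks; an empty list means all passed."""
    backups = [c for c in copies if not c.primary]
    findings = []
    if len(copies) < 3:
        findings.append("fewer than 3 copies")
    if len({c.media for c in copies}) < 2:
        findings.append("fewer than 2 media types")
    if not any(c.offsite for c in backups):
        findings.append("no offsite copy")
    if not any(c.immutable for c in backups):
        findings.append("no immutable copy")
    if not all(c.encrypted for c in backups):
        findings.append("unencrypted backup copy")
    # RPO: the freshest backup bounds how much data a restore would lose.
    if not backups or min(c.age_hours for c in backups) > rpo_hours:
        findings.append("RPO not met")
    # A backup counts as tested only if a restore was performed recently.
    tests = [c.last_restore_test for c in backups if c.last_restore_test]
    if not tests or (today - max(tests)).days > max_test_age_days:
        findings.append("no recent restore test")
    return findings

# Constructed inventories for two hypothetical council systems.
TODAY = date(2025, 6, 1)
WEAK = [Copy("disk", primary=True),
        Copy("nas", encrypted=True, age_hours=26)]
STRONG = [Copy("disk", primary=True),
          Copy("nas", encrypted=True, age_hours=2),
          Copy("cloud-object", offsite=True, immutable=True, encrypted=True,
               age_hours=20, last_restore_test=date(2025, 3, 1))]

if __name__ == "__main__":
    for name, copies in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(copies, rpo_hours=4, today=TODAY) or "all checks passed")
```

Setting `max_test_age_days=90` applies the quarterly cadence mentioned above instead of the annual minimum.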
