The Infrastructure Problem at the Heart of UK Council Cyber Risk

UK councils are under pressure from every direction. Service expectations are rising. Budgets are tightening. And the infrastructure that underpins digital delivery — in many cases built decades ago — is creaking under the strain. For IT leaders and senior officers across England, Scotland, and Wales, the question is no longer whether to modernise. It’s how to do it without disrupting the services communities depend on every day.

Private cloud is increasingly central to that answer. But to understand why, it helps to be clear about what councils are working against.

The reality of legacy infrastructure across UK local government

Legacy technology isn’t just an inconvenience — it’s a structural constraint. According to the LGA’s Local Government Digitalisation Almanac, 41% of council executives across England identify legacy technology as the single biggest barrier to change. The reasons are consistent: high maintenance costs, limited interoperability, and systems so embedded in day-to-day operations that replacing them feels impossibly risky.

The result is a kind of technological paralysis. Councils want to improve services, adopt modern tools, and work more efficiently — but every transformation initiative runs into the same ceiling. Ageing systems are expensive to run, difficult to integrate with, and actively resistant to the kinds of change residents and central government expect.

The NAO’s report on modernising ageing digital services found that maintaining ageing digital systems can consume more than three-quarters of a department’s total technology budget. For councils already operating under significant financial pressure, that’s money that cannot be spent on improvement, innovation, or resilience.

The UK council cyber threat is escalating

Outdated infrastructure doesn’t just slow councils down. It leaves them exposed — and attackers know it.

UK local authorities faced over 2.3 million cyber attacks in 2022 alone across 161 councils. Between 2022 and 2023, attacks increased by 24%, with personal data breaches rising 58% over the same period. These aren’t abstract statistics. Leicester City Council suffered a ransomware attack in March 2024 that forced it to shut down its IT systems and phone lines for several weeks, disrupting child protection, adult social care, and homelessness services. Up to 400,000 residents were affected, with a ransomware group claiming to have stolen 3TB of sensitive data. In November 2025, a coordinated attack struck the Royal Borough of Kensington and Chelsea, Westminster City Council, and Hammersmith and Fulham simultaneously — disabling telephone systems, online forms, and digital services across three London boroughs at once.

One reason these attacks cause such widespread damage is that many councils lack real-time visibility into what’s happening across their infrastructure. Without a clear picture of where data lives, which systems are communicating, and what activity looks unusual, early detection is difficult — and recovery is slow. Modern observability tools change that. NetApp’s Data Infrastructure Insights provides real-time monitoring of topology, performance, and availability across on-premises and cloud environments, with automated threat detection that can flag potential ransomware activity and restrict data access while an incident is under review. For councils where a swift response can mean the difference between a contained incident and weeks of service disruption, that kind of visibility matters.

The MHCLG Local Digital team has committed £19.9 million to help councils improve cyber resilience, and the NCSC’s Cyber Assessment Framework for local government provides a structured way to assess where exposure sits. But neither funding nor frameworks can compensate for infrastructure that was never built for the modern threat environment. Councils running unsupported legacy systems — where vendors no longer issue security updates — are accepting exposure that no amount of patching can adequately address.

The Cyber Governance Code of Practice, developed by DSIT in partnership with the NCSC, is unambiguous: boards and senior leaders carry direct responsibility for overseeing cyber risk management, response, and recovery. Where legacy systems remain in place and risks go unaddressed, that accountability sits with leadership — personally.

A practical path forward: phased modernisation, not wholesale replacement

Modernisation doesn’t mean replacing everything at once. The LGA Almanac points to phased re-hosting as the most practical and sustainable route: move each workload to the right environment for its needs, rather than attempting a transformation that puts live services at risk.

In practice, most UK councils will work across three cloud models:

• Private cloud for sensitive, critical workloads — systems handling personal data, financial records, or services that cannot tolerate downtime. Private cloud provides dedicated infrastructure with full control over security and compliance, keeping data within a defined, auditable boundary.
• Public cloud for lower-risk services — where flexibility, scalability, and cost efficiency matter more than strict data sovereignty. Well suited to less sensitive workloads where the economics of shared infrastructure make sense.
• Hybrid cloud for workloads that need to move securely between environments — enabling data and applications to operate across both private and public infrastructure in a controlled, governed way.

This is already the direction UK public sector infrastructure is heading. Research conducted by NetApp using Freedom of Information requests to government departments and public bodies found that more than half of respondent services were already operating hybrid infrastructure. The question for most councils isn’t whether to adopt this model — it’s how to do it in a structured, secure way.

What this looks like in practice: Dacorum Borough Council

Dacorum Borough Council faced a challenge familiar to many UK local authorities. Ageing infrastructure was constraining application performance and scalability, while rising cyber risk required stronger, integrated protection — without adding operational complexity. The Council needed a low-risk transformation, delivered by a partner with deep understanding of its environment and governance requirements.

Working with SysGroup, Dacorum undertook a full IT infrastructure refresh: replacing legacy platforms with next-generation compute, high-performance network switching, NetApp All-Flash storage running ONTAP One for unified data management and cyber resilience, and a VMware vSphere Private Cloud to enable consistent operations and future hybrid-cloud readiness. Critically, the solution was designed to integrate with the Council’s existing data protection infrastructure — reducing risk during the transition, not adding to it.

The outcome was a high-performance, secure, and operationally resilient private cloud platform. As Dacorum put it: “Cyber resilience and recoverability were key drivers for this programme. The new platform gives us stronger protection, faster recovery capability and greater assurance around the integrity of our data and services.”

Where the data management challenge sits

One of the less-discussed complications of moving to multi-cloud environments is data management. When workloads are distributed across private and public infrastructure, councils can quickly end up with fragmented visibility: different tools, different dashboards, and no single view of where data lives, how it’s protected, or whether it meets compliance requirements. That fragmentation isn’t just operationally frustrating — it creates audit risk and limits a council’s ability to respond quickly when something goes wrong.

This is where the underlying data infrastructure becomes operationally critical. NetApp’s ONTAP storage software runs as a consistent layer across on-premises environments and natively within the UK’s major cloud providers, meaning councils don’t need separate data management processes for each environment. Data can move between locations without losing consistency or requiring third-party translation — which matters when compliance, data residency, and audit trails are non-negotiable.

BlueXP, NetApp’s unified control platform, brings this together in practice — giving IT teams a single place to manage storage and services across their entire estate, whether that’s on-premises, private cloud, or public cloud. For councils managing significant data volumes across multiple environments, reducing that operational complexity has a direct impact on both security posture and staff capacity.

On the compliance side, Data Infrastructure Insights can automatically generate data usage audit reports — helping councils demonstrate to regulators, residents, and their own boards that data is being handled appropriately across every environment. Given the obligations councils carry under UK GDPR, and the increasing scrutiny from the ICO following high-profile breaches, that kind of automated audit capability is worth having built into the infrastructure rather than bolted on after the fact.

Ransomware recovery: having a guarantee isn’t the same as having a plan

Ransomware recovery deserves its own consideration. Many councils assume their backup arrangements are sufficient — but the Leicester attack demonstrated that backups themselves can be targeted, and that the gap between “we have backups” and “we can restore at scale, quickly, under pressure” is often wider than expected.

The Dacorum deployment addressed this directly. NetApp All-Flash with ONTAP One provides immutable snapshots that protect against ransomware and accidental deletion, alongside Autonomous Ransomware Protection that detects abnormal behaviour early — before an attack can spread. End-to-end encryption, role-based access controls, and rapid recovery capability complete the picture, giving the council both prevention and a clear path back to normal operations if an incident occurs.

NetApp backs this with a Ransomware Recovery Guarantee for primary enterprise storage: if snapshot data cannot be recovered following an attack — even with NetApp and partner assistance — NetApp will offer compensation. For council IT teams having difficult conversations with boards about cyber risk, that’s the kind of concrete protection that changes the nature of the discussion.

Building a strategy that holds up over time

Phased modernisation works best when it’s planned, not reactive. That means mapping your current estate, understanding which workloads carry the most risk, identifying where legacy systems create the greatest operational drag, and sequencing migrations to maintain service continuity throughout.

It also means thinking beyond the technology itself. The LGA Almanac highlights the importance of building internal capability alongside infrastructure change, so that councils can sustain and evolve their environments over time rather than becoming dependent on repeated external intervention. Modern platforms help here too — NetApp’s AI and machine learning capabilities within Data Infrastructure Insights support capacity planning and resource optimisation, helping smaller IT teams make better decisions about where infrastructure spend is most needed.

Done well, cloud modernisation doesn’t just reduce risk. It creates the conditions for better services: faster deployment, more reliable performance, and infrastructure that scales with demand. For UK councils navigating tight budgets, rising expectations, and an increasingly hostile cyber environment, that shift isn’t a luxury — it’s a necessity.

How SysGroup can help

We work with UK public sector organisations to design and deliver cloud modernisation that fits their environment — technically, operationally, and commercially. Our work with Dacorum Borough Council is one example of what a trusted, long-term partnership looks like in practice: end-to-end delivery from design through implementation and support, with a strong focus on value realisation and outcomes for the Council and the communities it serves.

As a NetApp partner, we can help your council understand how modern data infrastructure applies to your specific workloads, compliance obligations, and budget constraints — without the jargon.

If you’re assessing your options, we’re happy to start with a straightforward conversation.

Contact us: info@sysgroup.com