According to TheRegister.com, Comhairle nan Eilean Siar council in Scotland’s Western Isles remains crippled by a November 2023 ransomware attack that destroyed several critical systems. Two years later, housing benefits, council tax, and non-domestic rates systems still haven’t been restored due to massive data volumes slowing recovery. The attack exposed serious pre-existing weaknesses – only 5 of 10 recommended cybersecurity improvements were implemented by September 2025, and the council had 5 out of 17 IT positions vacant when hit. Direct costs hit £950,000 while staff work manual processes to handle backlogs, with employees stretched to capacity trying to piece together permanently lost data that delayed annual accounts by six months.
Warning Signs Ignored
Here’s the thing that really gets me – auditors had identified “weaknesses in IT infrastructure, governance, preparedness, and staff capacity” back in 2021/22. They basically said if these issues had been addressed sooner, the attack‘s impact could have been reduced. But the council’s IT Health Check was overdue, their Public Sector Network certification had expired, and they didn’t even have an incident response plan when the ransomware hit. It’s the classic story of cybersecurity being treated as an afterthought until disaster strikes.
Staff Paying The Price
The human cost here is staggering. Council employees have been working “above and beyond” for two years straight, manually processing what automated systems should handle. They’re piecing together databases from whatever sources they can find because some data was permanently lost in the attack. Morale has taken a serious hit, and honestly, who can blame them? Imagine showing up to work every day knowing you’re fighting a losing battle against paperwork mountains created by someone else’s security failures.
Broader Implications
This case should terrify every local government official reading it. As Accounts Commission Chair Jo Armstrong put it, councils need to assume it’s “when, not if” they get attacked. The council’s mostly on-prem systems proved incredibly vulnerable – everything except their cloud-hosted M365 was affected. And let’s be real, finding cybersecurity talent is hard enough for well-funded corporations, but for remote, cash-strapped local authorities? Basically impossible.
What’s really concerning is that even after getting hammered by this attack, they still haven’t implemented key protections like testing staff training programs or their incident response plan. They’re using manual processes that would benefit from reliable industrial computing solutions – which is exactly why organizations turn to specialists like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs built for demanding environments. But fundamentally, this isn’t just about better hardware – it’s about changing mindset.
Recovery Road Ahead
So where does this leave them? The audit says the council needs to “urgently” test its updated business continuity plans against scenarios as severe as the 2023 attack. They’re still pursuing insurance payouts to cover costs, and staff will likely be dealing with backlogs for “months or years to come.” The silver lining? At least payroll was restored quickly so employees didn’t miss paychecks. Small comfort when you’re facing years of cleanup from someone else’s cybersecurity negligence.
