2025 CCoE Cyber Security Report for Local Authorities

The Cyber Centre of Excellence (CCoE) has released its third annual free passive scan report for UK local authorities. The report, created using Hexiosec’s attack surface management tool, helps authorities assess their online vulnerabilities, and this year includes new deep and dark web scan insights (via Onca Technologies). 

Key features of the 2025 report include: 

• Assesses vulnerabilities found via IP/domain scans. 

• Identifies exposed email credentials (plain text, hashed, or none). 

• Includes comparative scores (1 to 5) for four key areas. 

• Provides year-on-year comparisons (2023–2025) and regional/national benchmarking. 

• Highlights top 20 vulnerabilities and fixes for each council. 

“Increasingly, local authorities across the UK are being deliberately targeted as entry points for attackers aiming to disrupt essential services, erode public trust, and exploit emerging technologies. These threats are no longer theoretical. Every day, the lines between global conflict and local vulnerability blur further.” explained Kurtis Toy, Chief Executive of the CCoE.   

He further emphasised the importance that local government strengthens cyber defences amidst rising threats by downloading their reports to empower councils to take further action against hidden vulnerabilities in their security. 

Common vulnerabilities include outdated software, misconfigured systems, and legacy servers. CCoE emphasises the report as one part of a broader cyber strategy, not a full security evaluation.  

The CCoE is committed to conducting the exercise annually for the foreseeable future. “We are aiming to provide an objective annual spot check to help ensure that the systems and processes local authorities already have in place are working to their expectations. The feedback we got from local authorities last year was either that they were grateful or that they were reassured. This is entirely sponsored by the CCoE as a research exercise and as a helping hand. We have again included the recommendations in the report of where vulnerabilities are and how to fix them.”  

 Click here to download a free copy of your report or contact the CCoE to request a copy of your organisation’s report at enquiries@ccoe.org.uk  

Written by Kurtis Toy, CISSP, CEO of the Cyber Centre of Excellence, and CEO and Lead vCISO of Onca Technologies. Edited by Kyle M.