top of page

Cybersecurity Audit: Learning from Failures

  • Crista Cooper
  • Oct 31
  • 2 min read
ree


The City’s Auditor General has released Phase 1 of the Cybersecurity Follow-Up Audit, shedding light on what led to Hamilton’s February 2024 cyberattack. The findings are both clear and frustrating: serious security issues were identified as far back as 2021, but weren’t addressed in time to prevent the breach.

 

The audit outlines six major failures:

 

  • Chronic understaffing in IT security

  • Frequent leadership turnover

  • Lack of follow-through on 2021 recommendations

  • No centralized cybersecurity governance

  • Weak risk management practices

  • Inadequate staff training - no formal updates since 2020

 

So far, recovery from the attack has cost the City $18.3 million - funds that could have supported roads, recreation, and other vital services in Ward 11 and across Hamilton.

In response, Council has approved proper funding for cybersecurity staffing and systems. New leadership is now in place, recruitment is underway, and stronger security protocols are being implemented.

 

This is just the beginning. Phase 1 is the first of four reports. The next three will examine:

 

  • How the breach was managed

  • Whether the new security plan is sufficient

  • If the financial strategy behind it is sound

 

Why It Matters to Ward 11

 

When city systems go down, everything from building permits to recreation registration to road maintenance requests is affected. If you tried to access city services online in 2024, you likely felt the disruption firsthand - and you’re now helping fund the recovery through your property taxes.

 

Investing in cybersecurity is not just a technical issue - it’s a financial one. Preventing attacks is far less costly than recovering from them. Spending $18.3 million to fix a problem we knew about and could have prevented is simply not responsible. Residents are already paying enough. We cannot afford another failure like this.

 

This report is frustrating because we had three years of warning and still didn’t act fast enough. Residents deserve better. I’m committed to holding the current administration accountable and ensuring cybersecurity remains a top priority. This is about protecting your data, maintaining essential services, and being responsible stewards of taxpayer dollars.

For more information: Hamilton.ca/audit

 
 
 

Comments

bottom of page