The Curious Absence of Cyber in Local Government Technology Strategy

Leave a Reply

A forthcoming Local Government Strategy Forum event highlights the technology investment priorities of councils representing nearly £2 billion in budgets. The data shows strong interest in AI, automation and service transformation, but no explicit mention of cybersecurity or risk management. This article explores what that absence reveals about how local government frames technology strategy, and why resilience often remains invisible in leadership investment narratives.

Contents

Table of Contents

1. Introduction

In June 2026, the Local Government Strategy Forum will bring together senior leaders from councils representing nearly £2 billion in combined budgets. The forum positions itself as a place where decision-makers discuss investment priorities and meet technology vendors offering solutions to the sector.

The forum, organised by Strategy Networks, convenes senior local authority leaders alongside technology suppliers to discuss investment priorities and digital transformation across the sector, more here: https://www.localgovstrategyforum.com/

Ahead of the event, forum organisers circulated a summary of the top investment areas among delegates, providing a snapshot of the priorities reported within the participating group. The list offers a revealing snapshot of how senior local government leaders currently frame technology strategy.

The investment priorities are striking:

Investment AreaPercentage of Delegates
Artificial Intelligence (AI)71%
Service Improvement44%
Change Management44%
Business Intelligence38%
Performance Management37%
Automation36%
Data & Information Management35%
Chatbots / Live Chat32%
Big Data Analytics31%
Service Redesign27%
Table 1: UK Local Government Key Investment Areas 2026 – data from Local Gov Strategy Forum

What stands out immediately is not what appears on the list.

It is what does not.

There is no mention of:

  • Cyber security
  • Cyber resilience
  • Risk management
  • Operational resilience
  • Information assurance
  • Governance

In a sector responsible for critical public services and sensitive citizen data, the complete absence of cyber or risk language in these investment priorities is striking.

2. Transformation Dominates the Narrative

Looking at the list, every item sits within a single strategic frame: service transformation.

The dominant strategic themes are:

  • improving services
  • increasing efficiency
  • digitising interactions
  • deploying new technology

Artificial intelligence leads by a considerable margin, with 71% of delegates actively investing in AI. That level of interest is higher than any other category by a wide margin.

Behind it sit a cluster of transformation-oriented initiatives:

  • Service Improvement (44%)
  • Change Management (44%)
  • Automation (36%)
  • Service Redesign (27%)

Taken together, the list suggests a sector under pressure to do more with less, focusing investment on tools that promise productivity gains and digital service delivery.

That is understandable. Local authorities face sustained financial constraints and increasing service demand. Digital transformation has been positioned for years as a key route to efficiency.

But the list also reveals something else.

The strategic conversation is framed almost entirely around capability and innovation, rather than resilience.

3. Cyber Remains Invisible in the Leadership Narrative

Cybersecurity does not appear anywhere in the investment areas listed by the forum organisers.

This absence does not mean cybersecurity is being ignored nationally. The UK government and the National Cyber Security Centre have both increased support for public sector resilience in recent years, but these efforts often remain framed as operational controls rather than visible strategic investment themes.

And this does not necessarily mean councils are not spending on cybersecurity. Most local authorities do maintain security functions and invest in defensive capabilities.

What the list suggests instead is that cyber is not being framed as a strategic investment theme at the leadership level.

It is absent not just as a top priority, but from the conversation entirely.

This reflects a common pattern across many sectors.

Cybersecurity is often treated as: an IT operational responsibility, infrastructure hygiene, and a compliance requirement. Rather than a strategic capability tied to service resilience.

This reflects a broader organisational pattern discussed in my earlier essay IT: Plumbing or Business Development?, which examines the tension between foundational infrastructure and innovation-driven technology programmes. When technology strategy becomes dominated by transformation initiatives, foundational concerns such as reliability, resilience, and security are easily relegated to the background, even though they underpin everything else.

In many organisations, cyber budgets sit within IT departments rather than alongside transformation or innovation programmes. As a result, cyber investment often disappears from the strategic narrative even when it exists operationally.

Yet the risks are not theoretical.

Local authorities manage critical services including housing, social care, planning, and benefits. Disruption to digital systems can halt essential public functions and expose sensitive citizen data.

Despite this, cyber risk rarely appears alongside transformation initiatives in leadership investment discussions.

The data from this forum provides a small but telling example of that dynamic.

4. AI Enthusiasm Ahead of Governance

The most striking figure in the list is the 71% of delegates investing in artificial intelligence.

AI tools promise efficiency, automation, and improved decision support. For organisations facing budget pressure, those promises are understandably attractive.

As discussed in my earlier article Unable to Load Conversation: Why ChatGPT Is Not Infrastructure, real-world failures already demonstrate how fragile these systems can be when treated as operational infrastructure rather than experimental tools.

But the absence of risk-related investment categories alongside AI is noteworthy.

The list includes: AI, automation, big data analytics, and chatbots. But not: AI governance, security assurance, data protection risk, nor system resilience.

This reflects a broader trend visible across many sectors: AI adoption is accelerating faster than governance frameworks are developing.

This mirrors a pattern explored in my earlier analysis “When Adoption Becomes the Goal, Risk Becomes Invisible by Design”, which argues that organisations frequently optimise for uptake and visibility rather than control, validation, and accountability.

The forum data suggests that local government may be experiencing the same dynamic.

When innovation leads, and governance follows, organisations can find themselves deploying complex systems before they fully understand the operational risks.

Local government is unlikely to be unique in this regard. But the data highlights how strongly the sector’s technology narrative currently emphasises innovation and service improvement over resilience.

5. The Language of Investment Matters

Another revealing aspect of the investment list is the language used.

Every category is framed in positive capability terms: improvement, intelligence, automation, and redesign. There is no language associated with threat, resilience, risk, or protection.

Strategic priorities are not just about what organisations do; they are also about how they describe what they do.

When risk language disappears from strategic investment discussions, it often indicates that resilience is being treated as a background function rather than a leadership concern.

The absence of cyber in this list may therefore be less about budgets and more about how the sector conceptualises technology strategy.

Innovation is visible.

Resilience is assumed.

This does not mean cybersecurity is absent from local government operations, but it suggests it remains largely absent from the strategic narrative used to frame technology investment.

6. Conclusion: A Signal Rather Than an Anomaly

The Local Government Strategy Forum is, in many ways, a typical industry event. Its structure, pre-qualified meetings, vendor networking, case studies and roundtable discussions, reflects the wider ecosystem in which technology suppliers and public sector leaders interact.

In that context, the investment list serves a purpose: it signals where suppliers should focus their offerings.

But it also reveals something deeper.

The priorities highlighted by the forum organisers suggest that, at least in the narratives used to frame investment discussions, local government technology strategy is currently dominated by transformation, automation, and artificial intelligence.

Cybersecurity, despite its importance, remains largely invisible in that framing.

Whether that reflects genuine under-investment or simply the way priorities are described is open to interpretation.

Either way, the absence is noteworthy.

Sometimes what is missing from the list tells you more than what appears on it.