The most recent audit from the Sindicatura de Comptes highlights significant cybersecurity shortcomings at the Alcoy City Council and calls for immediate corrective action. The report aligns with the National Security Plan and urges the council to elevate its information security measures to meet essential protection standards for information systems. While some progress has been noted compared with the 2019 assessment, the authority emphasizes that recommendations have only been partially implemented and that more work is needed to reach robust protections.
In terms of a general maturity index for core cyber defenses, the latest figures show a modest improvement from the 2019 level. The index rose from 48.8 percent to 51.7 percent, yet this still reflects a weak security posture by recognized benchmarks. The council is portrayed as lacking a comprehensive cybersecurity management program, with gaps in governance, resource allocation, and operational controls. Senior bodies are urged to reinforce support for human and budget resources dedicated to information security, particularly for those tasked with oversight and enforcement. The audit also highlights a very low adherence to applicable information security laws and regulations, underscoring a need for stronger compliance mechanisms.
Regarding the National Security Plan, the council is advised to clearly appoint individuals to key security roles and establish an information security committee. The Sindicatura offers a set of concrete recommendations to address identified deficiencies and strengthen the city’s cybersecurity governance. Among these, it is advised to complete the rollout of access restrictions that prevent unauthorized physical devices from connecting to the corporate network, to review and update systems that have fallen out of support, and to finalize and formally approve procedures for managing users with elevated access privileges. The guidance is meant to create clearer ownership and accountability for security decisions and to reduce the risk surface associated with privileged access.
The Sindicatura has continued monitoring of the council’s core cybersecurity controls in light of the issues raised in the 2019 audit. Public administrations and their interlinked networks face growing exposure to cyber threats as digital connections expand. This reality heightens the risk to information systems that support essential public services and the information those systems protect. Local governments have already been among the most frequently targeted entities during cyber attack campaigns, making these findings especially timely for city managers and security teams across North America as well as around the globe. The report stresses that improving cyber resilience is not optional; it is a governance and operational imperative for ensuring continuity of services, protecting sensitive data, and maintaining public trust. Agencies in Canada and the United States can draw practical lessons from this assessment, including adopting stronger identity and access controls, ensuring timely software updates, enforcing rigorous asset management, and aligning security practices with recognized standards such as the NIST cybersecurity framework and ISO 27001 when applicable. This alignment supports better risk management, clearer accountability, and more resilient information systems for the public sector. The audit ultimately reinforces the message that proactive, well-funded cybersecurity programs deliver tangible value by reducing the likelihood and impact of cyber incidents on city services and residents.