94% of councils are not running the most up-to-date version of Java, leaving them vulnerable to cyber attacks, according to a Freedom of Information request.

Supplier Avecto found that 55% of council are currently using Java 6 – a version that has not had mainstream support since February 2013.

Around 55% have some software running on Java 7, support for wich ends in April 2015, with only 6% using Java 8, the most up-to-date version.

Avecto executive vice president Paul Kenyon said: “With such a large market share combined with large volume of vulnerabilities and unpatched users, Java has created the perfect security storm which is causing a challenge for councils.

“Java needs frequent maintenance with security patches needing to be rolled out regularly.”

Java is one of the top targets of cyber criminals. According to the a 2014 cyber threat report by IBM, half of all exploits target Java.

He added that unsupported versions are “essentially an open door” to cyber criminals who can gain entry to systems via outdated applications or web browsing.

“Since councils handle a huge amount of sensitive data, it’s critical to ensure it doesn’t fall into the wrong hands,” he added

He said that councils citing compatibility issues for failing to update to the latest versions are not an excuse for running unsupported software, particularly when councils are given plenty of notice by the vendor.

Kenyon also called for staff training and the introduction of proactive technologies to encourage greater layers of security to protect councils between software updates.

Avecto sent out FOI requests to 46 councils in England during late 2014 and early 2015. 31 of the 46 councils responded. Of these, two councils were not willing to answer due to “concerns around cyber security”.