I am writing under the Freedom of Information Act 2000 to request information about cyber-attacks and cyber security incidents affecting your authority. Specifically, I am asking the following for each year since 2013:
Please note: We are using the following definitions in accordance to guidelines given by the National Cyber Security Centre (NCSC).
a malicious attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means
Cyber security incident : a breach of a system’s security policy in order to affect its integrity or availability or the unauthorised access or attempted access to a system
1. Please provide details of how many cyber-attacks to computer systems, networks or devices have taken place.
2. Please provide details of how many cyber security incidents caused internal systems or devices to be infected or for services to be affected.
3. How many times have you reported cyber security incidents to:
c) Information Commisioner’s Office (ICO)
d) Other, please provide detail
4. How many cyber security incidents have caused the loss/breach of data?
5. Please provide details of the cyber security awareness training provided to staff.
6. Please detail the number of staff trained in cyber security awareness.
7. Please detail what percentage of the annual budget has been allocated towards:
a) securing IT-systems and networks against cyber-attacks
b) training staff in cyber security awareness
I understand under the Freedom of Information Act that I am entitled to a response within twenty working days. I would be grateful if you could confirm this request in writing as soon as possible.
No Cyber-attacks have manage to get through our cyber security, we are not aware of any specific direct cyber-attacks to our organization