196501-382681 FOI IT

Short Description: Cyber Security
Reference number: FOI196501-382681
Date: 25/07/2023
Request

1. Is IT loss or disruption due to cyber-attacks included in your business continuity plans?
a. Yes
b. No

2. Does your organisation have a corporate response to a cyber-attack or does the level of response depend on what has been affected? E.g. if a single service has been impacted, would a service-specific plan be activated, or would it be a council-wide response?
a. Corporate-wide response
b. Service-specific response
c. Other, please provide details below:

3. Has your organisation tested its Business Continuity Plans with a cyber-attack scenario within the last 5 years?
a. Yes
b. No

4. If yes, what did you learn?

5. Have you read or reviewed the updated National Cyber Security Strategy published in February 2022?
a. Yes
b. No

6. Does your organisation offer training to your employees regarding cyber security? If no, please skip to
a. Yes
b. No

7. If yes, how often are your staff required to undertake the training?
a. Every time there’s a security breach
b. Monthly
c. Every 2-6 months
d. Yearly
e. Other, please provide detail below:

8. Do you feel that cyber-resilience is part of the culture of your organisation?
a. Yes
b. No

9. If not, what makes you feel this way?

2. Who provides your IT services?
a. In-house team
b. Contractor
c. Another local authority
d. Other, please provide details below:

3. Who manages the cyber-security for your organisation?
a. In-house team
b. Contractor
c. Another local authority
d. Other, please provide details below:

4. What kind of security measures does your organisation use to mitigate the risk of a cyber-attack? Please check all that apply.

If your cyber security is outsourced, please skip to question 5.

Please do not give specific information about suppliers or names of programmes that are used
a. VPN
b. Multifactor authentication
c. Encrypted USB dongle
d. Firewall
e. Regular systems scans
f. Other, please provide details below:

5. If you outsource your cyber security, what principal functions do they provide?
a. VPN
b. Multifactor authentication
c. Encrypted USB dongle
d. Firewall
e. Regular systems scans
f. Other, please provide details below:

6. How many cyber-attack events per year has your organisation experienced since 2019? If 0 for all years, please skip to question 11.
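Number of attacks, by year:

| Year | 0 | 1-5 | 6-10 | 11-15 | 16-20 | 20+ |
|------|---|-----|------|-------|-------|-----|
| 2019 |   |     |      |       |       |     |
| 2020 |   |     |      |       |       |     |
| 2021 |   |     |      |       |       |     |
| 2022 |   |     |      |       |       |     |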

7. How many of these attempts “successfully” breached your cyber-security system(s)?
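Number of attacks, by year:

| Year | 0 | 1-5 | 6-10 | 11-15 | 16-20 | 20+ |
|------|---|-----|------|-------|-------|-----|
| 2019 |   |     |      |       |       |     |
| 2020 |   |     |      |       |       |     |
| 2021 |   |     |      |       |       |     |
| 2022 |   |     |      |       |       |     |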

8. Of those breaches, approximately how long was your organisation impacted for? Please put the total for the whole year
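Number of attacks, by year:

| Year | 0 | 1-13 days | 2-7 weeks | 2-6 months | 6-11 months | 1 year+ |
|------|---|-----------|-----------|------------|-------------|---------|
| 2019 |   |           |           |            |             |         |
| 2020 |   |           |           |            |             |         |
| 2021 |   |           |           |            |             |         |
| 2022 |   |           |           |            |             |         |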

9. What types of cyber-attacks has your organisation experienced between 2019-2022? Please check all that apply.
If the answer is None, please skip to question 11
a. Malware
b. Ransomware
c. Phishing
d. Spear-phishing
e. Brute force
f. Zero-day
g. Denial of Service (DoS)
h. Distributed Denial of Service (DDoS)
i. Other, please provide details below:

10. Please list the impacts you experienced during the cyber-attacks:

11. Do you feel that cyber-resilience is part of the culture of your organisation?
a. Yes
b. No

12. What makes you feel this way?

13. Is your organisation insured for the loss of data or income that has been caused by a cyber-attack?
a. Yes
b. No

14. Have you or your IT/cyber-security service provider noticed an increase in cyber attack attempts around public holidays or significant world events (e.g. VE day, Jubilee, Coronation, bank holidays, sporting events etc.)?
a. Yes
b. No

15. If yes, please provide more details

16. Is your organisation fully digitised or in the process of doing so? If no, please skip to question 18
a. We’re fully digitised
b. We’re working on it
c. No

17. If you are fully digitised or are in the process of digitising, what was the reason for doing so? Please check all that apply
a. Support and encourage flexible working
b. Expanding or improving data and information security
c. Corporate transformation strategy
d. Office space transformation
e. Financial savings
f. All of the above
g. Other, please provide details below:

Response