Skip to content
Contents

Cyber security Budget 2017-22

Reference: 23-24278

Date response sent: 10/10/2023

Details of enquiry

  1. In 2023, what annual cybersecurity budget has been allocated to your NHS Trust?
  2. Can you also provide your Trust’s annual cybersecurity budget for the years:
    1. 2022
    2. 2021
    3. 2020
    4. 2019
    5. 2018
    6. 2017
  3. In 2023, how is your annual cybersecurity budget spent:
    1. What percentage goes towards cybersecurity training for employees?
    2. What percentage goes towards technology investments?
    3. What percentage goes towards employee resources for your cybersecurity team?
  4. How many employees work in your NHS Trust?
  5. How many employed, full-time members of staff make up your NHS Trust’s cyber/infosecurity team?
  6. How many hours of cybersecurity training are employees of your NHS Trust required to undertake every year?
  7. Has your NHS Trust paid any ransom demands to cybercriminals in the last five years?
    1. If yes, how much did you pay in total?
  8. Has your NHS Trust had any patient records compromised / stolen by cybercriminals in the last five years?
    1. If yes, how many records were compromised / stolen?

Response sent

  1. In 2023, what annual cybersecurity budget has been allocated to your NHS Trust?

This is not a separate budget, it is included within the whole IM&T budget

  1. Can you also provide your Trust’s annual cybersecurity budget for the years:
    1. 2022
    2. 2021
    3. 2020
    4. 2019
    5. 2018
    6. 2017

Not applicable.  See our response to Q1 above

  1. In 2023, how is your annual cybersecurity budget spent:
    1. What percentage goes towards cybersecurity training for employees?
    2. What percentage goes towards technology investments?
    3. What percentage goes towards employee resources for your cybersecurity team?

Not applicable.  See our response to Q1 above

  1. How many employees work in your NHS Trust?

This information is publicly available and may be reached via the following link:   https://digital.nhs.uk/data-and-information/publications/statistical/nhs-workforce-statistics

  1. How many employed, full-time members of staff make up your NHS Trust’s cyber/infosecurity team?

We do not have a dedicated Cyber security/Information Security Team.  Cyber Security and information security tasks are undertaken as part of the Business as Usual activities of the ICT Infrastructure Team and the Information Governance Team.

  1. How many hours of cybersecurity training are employees of your NHS Trust required to undertake every year?

Annual average is 4-5 hours per year, but varies (upwards) according to launches of additional cyber training/awareness programs.

Additionally, all new starters undertake a mandatory cyber security session, which must be refreshed every 3 years, in addition to all other cyber security training.

  1. Has your NHS Trust paid any ransom demands to cybercriminals in the last five years?
    1. If yes, how much did you pay in total?

No

  1. Has your NHS Trust had any patient records compromised / stolen by cybercriminals in the last five years?

No

Back to top