Skip to content
Contents

Cyber Security Incidents – last 5 years

Reference: 24-25302

Date response sent: 13/11/2024

Details of enquiry

  1. How many cyber attacks (incidents) did your trust experience in the last 5 years?
  2. If these statistics are available within the cost limit, please provide a breakdown of the incident types, for example:
  • Phishing attacks
  • Ransomware attacks
  • Distributed Denial of Service (DDoS) attacks
  • Data breaches
  • Malware attacks
  • Insider attacks
  • Cloud security incidents
  • Social engineering attacks
  • Zero-day exploits
  1. How many incidents over the last 5 years resulted in a notification to the Information Commissioner’s Office?

Response sent

  1. How many cyber attacks (incidents) did your trust experience in the last 5 years?

Data withheld under S31a of the Freedom of Information Act 2000 (FOIA) – see below for details on the application of this exemption

  1. If these statistics are available within the cost limit, please provide a breakdown of the incident types

Data withheld under S31a of the Freedom of Information Act 2000 (FOIA) – see below for details on the application of this exemption.

  1. How many incidents over the last 5 years resulted in a notification to the Information Commissioner’s Office?

One, that was however sustained by a system supplier of ours.

 

FOIA Exemption s31(a), Explanation and Public Interest Test

With regards to the above exemptions engaged for questions 1 and 2, under s.31(a) of FOIA, – Law Enforcement: the prevention or detection of crime, this is a qualified exemption that requires the authority to carry out the public interest test.

We have carried out the public interest test and have set out below the public interest arguments which we have considered for each of question 1 and question 2 above:

Arguments in favour of disclosure:

Promoting accountability and transparency on how public funds are utilised and spent

Arguments in favour of maintaining the exemption:

The Trust has a duty to ensure that its information systems and assets are kept secure

Disclosure of the requested information could facilitate criminal activity, in particular cybercrime, and especially when combined with other information already in the public domain or which could be gleaned from other sources, including any information that the Trust has previously provided or may be forced to disclose in the future.

Disclosure of the requested information could, therefore, increase vulnerability to malicious attack, including the corruption or loss of data, software, hardware or other equipment, which would impact on the Trust’s ability to provide essential services

These vulnerabilities could extend to suppliers on whose services the Trust relies.

Weight of Balance

We have concluded that, on balance, the public interest in maintaining the exemption outweighs the public interest in disclosure. This means that the Trust will withhold the requested data.

 

 

Back to top