FOI Request - Cyber Security

Request 101003532070

I am writing to politely request the following data under the terms of the Freedom of Information Act 2000 (FOIA) on cyber attacks affecting Moray Council. Where possible please provide data broken down by calendar year or failing that, by relevant 12-month period (e.g. 2021/22 2022/23 etc.) for which data is available.

1.  How many times has your organisation experienced an attempted cyber-attack in the last two financial years?

2.  Have you ever reported any cyber-related incidents to the NCSC and if so, how many in the last two financial years?

3.  Thinking about cyber-attacks where the criminal was able to obtain data or disable systems, how much have these cost the organisation?

4.  How much of the organisation’s total annual budget is spent on cyber support, protection and computer systems?

5.  How many people are employed by the organisation to oversee cyber support and programmes?

Response 16-04-2024

1. One

2. Yes; however, none in the last two years.

3. Nil

4.  Not held. There is no specific budget for cyber security.  There are elements of expenditure across a number of different categories in the financial management system e.g. software, hardware, and external services. Information that is not held falls under Section 17 of the Freedom of Information (Scotland) Act 2002 - Information not held.

5. Not held. There is no dedicated team for cyber programmes. These are undertaken by staff across most teams within ICT, and supported by other Council departments (e.g. Information Governance and Data Protection) as and when required.