Freedom of information response

Cyber Attacks

Publication date: 
Monday 7 October 2019
Request: 

1. Has the council experienced an attempted cyber-attack in 2019? Please answer yes or no.
2. How many attempted cyber-attacks has the council experienced in 2019 (up to 30.06.2019), 2018 (full year) and 2017 (full year)?
3. Has the council experienced a cyber-attack in 2019 that resulted in a loss? Please answer yes or no.
4. How many cyber-attacks has the council experienced in 2019 that resulted in a loss (up to 30.06.2019), 2018 (full year) and 2017 (full year)?
5. Please state the cost to the council of the cyber-attacks that the council experienced in 2019 (up to 30.06.2019), 2018 (full year) and 2017 (full year)
6. Does the Council purchase insurance via an insurance broker? Please answer yes or no.
o If so, from who?
7. For the year 2018/19 does the Council purchase Cyber Insurance? Please answer yes or no.
o If so, what is the name of the insurer?
8. Please state the premium spend of the insurance product
9. Please state the job title and level/banding for the person who is responsible within the council for purchasing these insurance products

Response: 

1. Unfortunately we are unwilling to supply an answer to this request as an exemption applies, please see details below.

2. Please see answer to Question 1 above.

3. Please see answer to Question 1 above

4. Please see answer to Question 1 above

5. Please see answer to Question 1 above

6. Arthur J Gallagher Insurance Brokers Ltd

7. No

8. Not applicable

9. The Strategic Lead for IT would liaise with the Council’s Insurance Team in order to procure any appropriate additional cover as required.

Exemption 31 Law Enforcement

It is not in the interest of the council to provide information about the number of attacks that may or may not have been made against our IT systems. This could enable individuals to deduce how successful the council is in detecting these attacks and incurring this risk can be deemed not in the public interest.

Confirming or denying whether information is held on cyber-attacks and what remedial measures may or may not have been taken could aid malicious parties by encouraging further attacks. Attacks on IT systems are criminal offences, so to provide information or confirmation of information being held might prejudice the prevention of crime by facilitating the possibility of an offence being carried out. There is a very strong public interest in the effectiveness of law enforcement and the prevention of crime.

This is a qualified exemption where consideration has been made as to whether the public interest in maintaining the exemption outweighs the public interest in confirming whether such information is held or not.

Our systems hold information about individuals and, therefore, the possible chain of events resulting from releasing this information could put individuals, and authorities, at risk of criminal activity.

You are free to use any information supplied to you for your own use, including non-commercial research purposes.  However, any other type of re-use, for example, by publishing the information or issuing copies to the public will require the permission of the copyright owner.

Where the copyright is owned by Thurrock Council, you must apply to the Council to re-use the information.  Please email information.matters@thurrock.gov.uk if you wish to re-use the information you have been supplied. For information where the copyright is owned by another person or organisation, you must apply to the copyright owner to obtain their permission.

If you are dissatisfied with the way in which the council have managed your FOI request you can pursue an Internal Review by contacting us using the above email address.  Your request will be considered by the Strategic Lead for Information Management who will update you with the outcome of the review. 

If you remain unhappy following the outcome of your Internal Review you may wish to refer your case to the Information Commissioner’s Office (ICO), details of this organisation can be found at www.ico.org.uk . Please be advised that the ICO will not consider your case until they have confirmation that you have already been through the Internal Review stage with the council.

Request reference:
FOI 9354