- Does your organisation keep an incident log of cyber attacks?
Yes. Like any other organisation with an Internet presence we are subject to daily activity which could be categorised as an ‘attack’. Many of these are mitigated automatically and not recorded.
2. How many cyber attacks – attempted and successful – were recorded against your organisation in the last three financial years, year-by-year (ie 2014/15, 2015/16, 2016/17)?
Data about this activity is only held for a short time for diagnostic purposes, we do not hold information which would provide annual totals for the years requested.
- Where cyber attacks were successful, what kind of data and what amount of data, if any, was lost or stolen? Was it confidential?
No cyber attacks have been successful, therefore we do not hold this information.
- For each case, please confirm:- the type of attack (eg ransomware, denial of service etc)
No cyber attacks have been successful, therefore we do not hold this information.
- What demand, if any, was made to resolve the attack? Did the organisation comply?
No cyber attacks have been successful, therefore we do not hold this information.
- Whether the attack was reported to police or other responsible authority? Was the attacker traced/convicted?
No cyber attacks have been successful, therefore we do not hold this information.