Cyber attacks annually since 2013

For each year since 2013

1.Please provide details of how many cyber-attacks to computer systems, networks or devices have taken place.

Data about this activity is only held for a short time for diagnostic purposes, we do not hold information which would provide annual totals for the years requested

2. Please provide details of how many cyber security incidents caused internal systems or devices to be infected or for services to be affected.

No cyber attacks have been successful, therefore we do not hold that information.

3. How many times have you reported cyber security incidents to:
a) Police

No cyber attacks have been successful, therefore we do not hold that information.

b) NCSC

No cyber attacks have been successful, therefore we do not hold that information.

c) Information Commissioner’s Office (ICO)

No cyber attacks have been successful, therefore we do not hold that information.

d) Other, please provide detail

No cyber attacks have been successful, therefore we do not hold that information.

4. How many cyber security incidents have caused the loss/breach of data?

No cyber attacks have been successful, therefore we do not hold that information.

5. Please provide details of the cyber security awareness training provided to staff.

Devon County Council does not currently deliver bespoke cyber security training to its staff.  However cyber security good practice is included in the Council’s Data Protection E-learning which all staff are required to complete.

6. Please detail the number of staff trained in cyber security awareness.

Cyber security good practice is included in the Council’s Data Protection E-learning which all staff are required to complete.

7. Please detail what percentage of the annual budget has been allocated towards:
a) securing IT-systems and networks against cyber-attacks

2013 – 2014 – 0.011%

2014 – 2015 – 0.012%

2015 – 2016 – 0.014%

2016 – 2017 – 0.011%

Figures represent direct spend on cyber security software contracts and does not include any element of internal staff time to support these systems.

b) training staff in cyber security awareness

We do not have a separate budget for cyber security awareness training, therefore we do not hold this information.