1. Does your organisation currently have cyber insurance or plan to invest in cyber insurance in the next 12 months?
2. If you have cyber insurance who is the policy with?
3. If you have cyber insurance when does the policy come up for renewal?
4. If you have cyber insurance what is the cost of your current policy or renewal?
In response to questions 1-4, Devon County Council (DCC) can neither confirm nor deny that this information is held, in accordance with Section 31(3) of the Freedom of Information Act 2000.
The Council considers information relating to cyber insurance to be exempt from disclosure under Section 31(1) (a) of the Freedom of Information Act 2000 – ‘Law Enforcement’ – ‘the prevention or detection of crime’. This is because disclosure places the organisation at risk of fraud and crime.
Our view is that this information constitutes valuable intelligence, which could be leveraged by a motivated cyber threat actor to inform a successful attack against our infrastructure. We feel that releasing this information would increase the chances of DCC becoming the victim of a cyber-attack. Attacks on IT systems are criminal offences. To provide information, or confirmation of information being held, might prejudice the prevention of crime by facilitating the possibility of an offence being carried out.
There is a very strong public interest in the effectiveness of law enforcement and the prevention of crime and although we appreciate that there is a general public interest in openness (because this increases public trust and engagement), this public interest should be weighed against a very strong public interest in safeguarding the security of Council networks and systems. Section 31 of the Freedom of Information Act 2000 states that there is a very strong public interest in protecting the law enforcement capabilities of public authorities.
We feel that significant weight should be applied to this public interest consideration given the current elevated cyber threat landscape facing public sector organisations. For these reasons we feel that the balance of public interest weighs in favour of withholding this information from disclosure.