Freedom of Information request 115-2023

Freedom of Information Request – Ref: FOI 115-2023
Thank you for your recent Freedom of Information request. Please find our response below.
1. For each year 2020 – 2022., please confirm how many cyberattacks your Trust has suffered?
2. For each year 2020 – 2022., please confirm how many cyberattacks have resulted in the halting of or delay in delivery of care or services to patients?
3. For each year 2020-2022., please confirm:
The GBP £. value of budget allocated to cybersecurity
£65,000
What percentage of the Trust’s entire budget for the financial year was spent on cybersecurity?
0.024%
How many times in the last 12 months have you audited your third-party suppliers’ cybersecurity measures?
We can only part answer question 3, the rest of the information is exempt under Section 31 of the FOI Act for the following reasons:
The agency like any organisation may be subject to cyber-attacks and, since it holds large amounts of sensitive, personal and confidential information, maintaining the security of this information is extremely important. Cyber-attacks, which may amount to criminal offences for example under the Computer Misuse Act 1990 or the Data Protection Act 1998, are rated as a Tier 1 threat by the UK Government.
In this context, providing requested information would provide information about the agency’s information security systems and its resilience to cyber-attacks. There is a very strong public interest in preventing the agency’s information systems from being subject to cyber-attacks. Providing the type of information requested would be likely to provide attackers with information relating to the state of our cyber security defences, and this is not in the public interest.