Content

Freedom of Information Request

GDPR, Cyber Security Training and Breaches

Received: 7 January 2021

Council name

Region - please select from the following: South East, London, North West, East of England, West Midlands, South West, Yorkshire and the Humber, East Midlands, North East, Wales, Scotland, Northern Ireland

The total number of full-time and part-time employees employed by your organisation (as of 1st January 2021 or latest figures available)

The total number of full-time and part-time employees employed by your organisation with professional data security / cybersecurity qualifications (as of 1st January 2021 or latest figures available) - Common qualifications may include any cyber or IT security related qualifications such as CISSP, SSCP, CSA, CEH, CISA, CISM, Security+

The total number of full-time and part-time employees employed by your organisation who have completed cyber security training between 1stJanuary 2020 and 31stDecember 2020 (or latest annual figures available)

How much money (in pounds sterling) has been spent on cyber security training between 1stJanuary 2020 and 31stDecember 2020 (or latest annual figures available) this may include GDPR-related training

How many data breaches did your organisation report to the ICO between 1st January 2019 and 1st January 2020

How many data breaches did your organisation report to the ICO between 1st January 2020 and 1st January 2021

Was your organisation victim to a successful ransomware attack between 1st January 2020 and 31st December 2020? As for the definition of a 'successful ransomware attack', please include any incident in which an attacker requesting a ransom/payment managed to successfully encrypt, steal or leak any data/systems/assets that your organisation processes/holds.

If you answered yes to the previous question, did your organisation agree to pay a ransom? Yes/No

Did your organisation suffer a cyber security incident between 1st January 2020 and 31st December 2020 which resulted in disruption to the council's services? This refers to any cyber incident that forced usual services to go offline or become unavailable. Yes/No

Outcome / Documents

  • Response (some exempt) - application/pdf - Download