Cyber attacks and cyber security incidents

Request 

Dear Sir or Madam,

I am writing under the Freedom of Information Act 2000 to request information about cyberattacks and cyber security incidents affecting your university. 

For each year since 2013: 

1.Please provide details of how many attempted cyber-attacks to computer systems, networks or devices have taken place 

2. Please provide details of how many cyber security incidents caused internal systems or devices to be infected or for services to be affected 

3. How many cyber security incidents have caused the loss/breach of data?

4. If permissible within the confidentiality limits of the FOIA please provide detail of what type information was obtained eg. email addresses, student data or academic data/research 

5. Where possible please provide information as to which country each breach originated from

If possible within the cost limits of the FOIA: 

6. Please detail what percentage of the annual budget has been allocated towards:

           a) securing IT-systems and networks against cyber-attacks

b) training staff in cyber security awareness 

NOTE: Please include the following definitions given by the National Cyber Security Centre (NCSC)

Cyber-attack: a malicious attempt to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means

Cyber security incident: a breach of a system’s security policy in order to affect its integrity or availability or the unauthorised access or attempted access to a system 

Please provide the data in an excel spreadsheet and confirm you have received this email. 

If it is not possible to provide the information requested due to the information exceeding the cost of compliance limits identified in Section 12, please provide advice and assistance, under the Section 16 obligations of the Act, as to how I can refine my request. 

If you have any queries please don’t hesitate to contact me via email or phone and I will be happy to clarify what I am asking for, my details are outlined below. 

Thank you for your time and I look forward to your response within 20 working days in accordance with the FOIA.

Response

Dear Ms..,

I write further to your request for information dated 10 March 2019.  This request has been handled by the University in accordance with its duties and obligations under the Freedom of Information Act 2000 ("FOIA").  

You requested details of:

  1. Please provide details of how many attempted cyber-attacks to computer systems, networks or devices have taken place
  2. Please provide details of how many cyber security incidents caused internal systems or devices to be infected or for services to be affected
  3. How many cyber security incidents have caused the loss/breach of data?
  4. If permissible within the confidentiality limits of the FOIA please provide detail of what type information was obtained eg. email addresses, student data or academic data/research
  5. Where possible please provide information as to which country each breach originated from

If possible within the cost limits of the FOIA:

6. Please detail what percentage of the annual budget has been allocated towards:

           a) securing IT-systems and networks against cyber-attacks

b) training staff in cyber security awareness

The University's response is attached FOIA response 32/1388 .  

If you are not satisfied with the handling of your request, you may request an internal review.  Internal review requests should be submitted within two months of the date of receipt of the response to your original letter by writing to:


Chris Ince
University Secretary
London Metropolitan University
166-220 Holloway Road
London
N7 8DB
 
Email: c.ince@londonmet.ac.uk
 
If you remain dissatisfied with the handling of your request, you have a right of appeal to the Information Commissioner at:
 
The Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
 
Telephone:  0303 123 1113 or 01625 545745
Website:  www.ico.org.uk
 
There is no charge for making an appeal.

Kind regards,

Tracy Brathwaite
Information Compliance Officer
University Secretary's Office
London Metropolitan University
166-220 Holloway Road
London N7 8DB

Switchboard: 020 7423 0000