FOI request details

Back

Request

Subject: Cyber Insurance Spending

Reference: WBC-FOI-00582

Does your organisation currently have cyber insurance or plan to invest in cyber insurance in the next 12 months?

If you have cyber insurance who is the policy with?

If you have cyber insurance when does the policy come up for renewal?

If you have cyber insurance what is the cost of your current policy or renewal?

Response

None Disclosed - 24 February 2023

Request for Information - WBC-FOI-00582 - Cyber Insurance Spending

I refer to your request for information received on 27 January 2023. Please see the information below in response to your request: -

Your Request:

Does your organisation currently have cyber insurance or plan to invest in cyber insurance in the next 12 months?

If you have cyber insurance who is the policy with?

If you have cyber insurance when does the policy come up for renewal?

If you have cyber insurance what is the cost of your current policy or renewal?

Our Response:

Please note that Wandsworth Council believes that Section 31 of the Freedom of Information Act 2000 is engaged. Section 31 States that public authorities are not obliged to release information that would be likely to prejudice the functions of law enforcement - namely the prevention and detection of crime. This is due to the inherent risk that publishing details of the measures we have in place to mitigate against cyber attacks would create in defending against cyber criminals. Should these details be provided by all Local Authorities, potential cyber criminals would be able to create a 'heat map' of the measures in place by Authority, giving them intelligence on which they could select a target.

Whilst providing certain high-level information in relation to the Council's cyber defence measures may appear to be low risk in individual instances, the risk of a potential hacker piecing together information and identifying vulnerabilities is so great, that the Council must exercise extreme caution when considering such disclosures. This is particularly the case in light of the successful attack on Hackney Council in 2020, which was reported to have costed >£12m in the following financial year, not to mention extensive disruption to essential services; several of which involving risk to life. As such, the Council considers the public interest in withholding the requested information to far outweigh any grounds for disclosure.

Councils are actively, and regularly targeted by hackers. The impact of such attacks can be enormous, and organisations can be heavily fined for not taking due care in protecting their systems and the data held on them. Councils provide a wide range of services; the impact of a serious attack could affect thousands of residents.

In accordance with the Freedom of Information Act 2000, this response acts as a Refusal Notice.

If you are dissatisfied with the information provided in relation to your request, you may make representations to the Information and Transparency Manager. Any such request for an internal review should be made within 40 days from today's date. Correspondence should be addressed to: FOIW@richmondandwandsworth.gov.uk

If you are not content with the outcome of the internal review, you have the right to apply directly to the Information Commissioner for a decision at: https://ico.org.uk/global/contact-us/

Regards,

FOI and DPA Officer

FOIW@richmondandwandsworth.gov.uk

Please note that our responses were accurate to the best of our knowledge at the time of release, and have not subsequently been updated. This information should be considered an historical record only.