Richmond.gov.uk
My Account
  1. Open Richmond
  2. Information about the Council
  3. Freedom of Information

FOI request details

Back

Request

Subject: Cyber Insurance

Reference: LBR-FOI-00592

Does your organisation currently have cyber insurance or plan to invest in cyber insurance in the next 12 months?

If you have cyber insurance who is the policy with?

If you have cyber insurance when does the policy come up for renewal?

If you have cyber insurance what is the cost of your current policy or renewal?

Response

None Disclosed - 24 February 2023

The Council believes that Section 31 of the Freedom of Information Act is engaged. Section 31 States that public authorities are not obliged to release information that would be likely to prejudice the functions of law enforcement - namely the prevention and detection of crime. This is due to the inherent risk that publishing details of the measures we have in place to mitigate against cyber attacks would create in defending against cyber criminals. Should these details be provided by all Local Authorities, potential cyber criminals would be able to create a 'heat map' of the measures in place by Authority, giving them intelligence on which they could select a target.

Whilst providing certain high-level information in relation to the Council's cyber defence measures may appear to be low risk in individual instances, the risk of a potential hacker piecing together information and identifying vulnerabilities is so great, that the Council must exercise extreme caution when considering such disclosures. This is particularly the case in light of the successful attack on Hackney Council in 2020, which was reported to have costed >£12m in the following financial year, not to mention extensive disruption to essential services; several of which involving risk to life. As such, the Council considers the public interest in withholding the requested information to far outweigh any grounds for disclosure.

Councils are actively, and regularly targeted by hackers. The impact of such attacks can be enormous, and organisations can be heavily fined for not taking due care in protecting their systems and the data held on them. Councils provide a wide range of services; the impact of a serious attack could affect thousands of residents.

Please note that our responses were accurate to the best of our knowledge at the time of release, and have not subsequently been updated. This information should be considered an historical record only.