Malicious email volume
Dear Salix Finance Ltd,
Please find below my FOI request regarding malicious emails sent to the department.
The date range for the requests is from 2018 to present day. The data shall include a breakdown by year and by individual departments (e.g. separate departments, agencies, or public bodies within the main government agency), if applicable.
1. How many malicious emails have been successfully blocked?
2. What percentage of malicious emails were opened by staff?
3. What percentage of malicious links in the emails were clicked on by staff?
4. How many ransomware attacks were blocked by the department?
5. How many ransomware attacks were successful?
Yours faithfully,
Rebecca Moody
ID: FOI [1][FOI #805966 email]
Dear Rebecca Moody,
I refer to your request for information received on Thursday, November 11,
2021. This has been treated as a request under the Freedom of Information
Act.
Questions as listed regarding malicious emails:
1. How many malicious emails have been successfully blocked?
2. What percentage of malicious emails were opened by staff?
3. What percentage of malicious links in the emails were clicked on by
staff?
4. How many ransomware attacks were blocked by the department?
5. How many ransomware attacks were successful?
We are unable to provide the information in response to the above
questions as we believe these fall under exemption, Section 31 (1A) – the
prevention or detection of crime of the Freedom of Information Action 2000
(FOIA).
We consider this exemption applies, because the release of this
information could result in a potential cyber-attack against our business.
Section 31 (1) (a) is a qualified exemption, and we are therefore required
to consider the public interest.
This section exists for the prevention or detection of crime and can
protect information on a public authority’s systems which can make it
vulnerable to crime.
We understand and acknowledge the public interest in transparency, but we
also believe an organisation, such as ours must be able to operate without
fear of cyber-attack which may result should we release this kind of
information. Should we face such an attack our IT networks would be
severely impacted which would hinder our ability to carry out our services
as well as resulting in data breaches.
In this instance, we are also applying exemption Section 40 (2), data
protection of FOIA. Under the Data Protection Act 1998 (DPA) Principle 7,
we need to consider the public interest when applying data protection
principles and the release of this requested information may pose a risk
to our cyber security that could lead to a break of Principle 7 of the
Data Protection Act. This means that, as an organisation, we must possess
appropriate security measures to protect the personal data we hold from
being compromised, deliberately or accidentally. We need to protect the
data of our employees as well as those who use our services.
If you are not satisfied with how we have treated your request, you have
the right to appeal and in the first instance this should be to
[2][email address] explaining why you are not satisfied with our
response, and we will review our decisions.
If you are still not satisfied with the outcome, you can write to: The
Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire
SK9 5AF. Telephone: 0303 123 1113 or 01625545745.
There is no charge for making an appeal.
The Information Commissioner will investigate how we have handled your
request. The Commissioner may either uphold or overturn our decision. You
can find more information about the Commissioner at [3]www.ico.org.uk
If we can be of any further assistance, please do not hesitate to contact
me.
Yours sincerely,
Hannah Walker
Hannah Walker
Senior Communications and PR Manager
Salix Finance
[4][email address]
t: 02045246668
75 King William Street
London, EC4N 7BE
From: Rebecca Moody <[5][FOI #805966 email]>
Sent: 11 November 2021 19:22
To: Info <[6][Salix Finance Limited request email]>
Subject: Freedom of Information request - Malicious email volume
Dear Salix Finance Ltd,
Please find below my FOI request regarding malicious emails sent to the
department.
The date range for the requests is from 2018 to present day. The data
shall include a breakdown by year and by individual departments (e.g.
separate departments, agencies, or public bodies within the main
government agency), if applicable.
1. How many malicious emails have been successfully blocked?
2. What percentage of malicious emails were opened by staff?
3. What percentage of malicious links in the emails were clicked on by
staff?
4. How many ransomware attacks were blocked by the department?
5. How many ransomware attacks were successful?
Yours faithfully,
Rebecca Moody
-------------------------------------------------------------------
Please use this email address for all replies to this request:
[7][FOI #805966 email]
Hannah Walker
Senior Communications and PR Manager
Communications Lead: Phase 2 & Phase 3 Public Sector Decarbonisation
Scheme (PSDS), & Phase 2 Public Sector Low Carbon Skills Fund (LCSF),
Media & Communications
Salix Finance
[8][email address]
t: 02045246668
75 King William Street
London, EC4N 7BE
References
Visible links
1. mailto:[FOI #805966 email]
2. mailto:[email address]
3. http://www.ico.org.uk/
4. mailto:[email address]
5. mailto:[FOI #805966 email]
6. mailto:[Salix Finance Limited request email]
7. mailto:[FOI #805966 email]
8. mailto:[email address]
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now