Agenda item

Information Governance Performance - Quarter 4 2017/18


The IT Service Director will submit a report detailing the current position in relation to the number of information security breaches and cyber incidents that have been reported and investigated during Quarter 4 for the period 1st January to 31st March, 2018.


The Service Director IT submitted a report providing details of the Council’s position in relation to the number of information security breaches and cyber incidents that had been reported and investigated during Quarter 4 of the 2017/18 financial year.  The report also gave details within an appendix of the ways in which incidents could be reported.


In summary:


·         in relation to Information Security Incidents

o   there had been 32 incidents of which 3 involved a third party.  After investigation 3 were found to be unsubstantiated and 9 were undergoing further investigation

o   in 2017/18 there had been 157 incidents (including weaknesses) which compared to 119 in the previous year.  Of those, 3 had been reported to the Information Commissioner’s Office (ICO) compared to 4 in 2016/17

o   the report, in categorising incidents by Service and by type, indicated that the most frequently occurring were those disclosed in error – emails sent to the wrong recipient/incorrect recipients copied in/wrong postal addresses etc.  Information was also provided about the principles of the Data Protection Act that had been breached together with the potential implications thereof

o   one incident that had been reported to the ICO was still under investigation and details of any recommendations/penalties were awaited.  A further report would be submitted in due course

o   A summary of the lessons learned and action taken was provided and it was noted that the Information Governance Board and Service Directors were continuing to support the Information Governance Team with investigations and resolution of incidents


·         in relation to Cyber incidents the report gave details of the number of ‘attempts’ and ‘attacks’ by quarter listed by category.  It also gave comparisons with quarter 4 from the previous year

o   586 incidents had been reported, which was a decrease from the previous quarter.  Of those:

§  217 had been reviewed and advice given

§  307 were real phishing emails with the sender being blocked

§  There had been no successful attacks within the quarter which was pleasing to note

§  62 others had been referred to the security team for advice and had been resolved

o   There had been an increase in the number of phishing emails being received throughout the Council year on year but a drop in quarter 4 compared to quarter 3, which appeared to be due to a failure to log calls with the Information Security Team.  During a recent incident only a few instances of a specific phishing email had been logged but, when investigated further, approximately 200 mailboxes had received the email.  It was pleasing to note, however, that no-one had clicked on the link within the email so the ‘attack’ had been unsuccessful

o   A new approach to logging phishing and spam email was being investigated which, it was hoped, would both increase the number of reported instances and populate a database within the mail filtering system so that further ‘attacks’ could be stopped

o   A new contract for Cyber Security Defences had been awarded and the various ‘tools’ to prevent cyber-attack would be rolled out in the coming months.  In addition, an exercise had been undertaken to ensure that passwords used to access the Council network were of a satisfactory security level.  This was currently ongoing


It was pleasing to report that the Service had a Degree Apprentice who had been invited to the national Employee Student Awards to be held on the 10th May, 2018 which was a fantastic achievement both for the student and for the Council.


In response to questioning, the Head of IT Service Management outlined the action her team took in response to the receipt of a suspicious email.  The Council also had arrangements in place to inform its Cyber Security Defence provider of the receipt of suspicious emails and, in turn, this information was then passed on to other organisations.




(i)            that the report be received and Ms S Hydon, IT Service Director, be thanked for attending the meeting and for answering Members’ questions;


(ii)          that Executive Directors and Service Directors be requested to note the potential impact of Information Security and cyber incidents on the Council and the potential for ICO fines and that when such incidents occur, they work together with all Business Units, within the prescribed timescales, and with the Information Governance Team to find a resolution to the issues identified; and


(iii)         that when information security and cyber incidents occur, Executive Directors and Service Directors ensure full and timely reporting and investigation so that lessons are learned and solutions implemented in line with the policy timescales.

