Question reference: S6W-15938
- Asked by: Liam Kerr, MSP for North East Scotland, Scottish Conservative and Unionist Party
- Date lodged: 16 March 2023
-
Current status: Answered by Keith Brown on 21 March 2023
Question
To ask the Scottish Government how many cyber-attacks have been recorded on (a) its and (b) its agencies’ computer and data systems since January 2021, and, in each case, what the suspected source was, and to what extent the attack (i) gained information and (ii) damaged systems.
Answer
1. The National Cyber Security Centre advises Government departments to withhold specific information that may provide insight into the likelihood of success of specific cyber techniques and the Scottish Government follows this advice.
2. The Scottish Government is not a formal reporting agency for cyber incidents or cyber attacks, which means that agencies are not obliged to report any cyber incidents or attacks they experience to us. However, we encourage any Scottish public body that does experience a cyber incident to notify the Scottish Government Cyber Resilience Unit under the voluntary Scottish Public Sector Notifiable Cyber Incident Procedure so that we can ensure that all relevant and necessary support can be provided.
Between January 2021 and 17 March 2023 we were notified of 26 cyber incidents under this procedure.