Cyberattacks on the Council

1. Please confirm whether your council has experienced any cyberattacks during this period.

If so, for each year, 2023, 2024 and 2025, please provide:



a) The number of incidents.

b) The type of cyberattack(s) (e.g. phishing, ransomware, DDoS).

c) The duration and severity of any service disruption caused.

d) The total cost incurred per incident (including recovery, legal fees, consultancy, fines, etc.). 





2. Cybersecurity and Related Spending:

For each of the years 2023, 2024 and 2025, please provide:



a) Total annual spend on cybersecurity (including systems, software, and third-party providers).

b) Annual cost of cyber insurance policies (if applicable).

c) Any compensation paid to individuals or businesses as a result of cyberattacks or data breaches. 

d) Please supply the requested information in digital format (e.g. Excel, CSV, or PDF).



If any element of this request is unclear or likely to exceed the appropriate cost limit, I would be grateful for advice on how to refine it accordingly.

1-2. This request should be exempt from disclosure under Section 31(1)(a) and Section 31(3) of the Freedom of Information Act - Law enforcement. Disclosure of this information would be likely to prejudice the prevention or detection of crime. Section 31(1)(a) provides an exemption where prejudice could be caused to allow criminals to use the information to gain unlawful access to Council systems and infrastructure. Public disclosure of the information requested would be prejudicial to the Council allowing bad actors an insight into the cyber security controls and provision at LCC allowing for unlawful access to the Councils network or systems.