It has emerged, during a session of the Joint Committee on the National Security Strategy (JCNSS), that a government minister instructed Redcar and Cleveland Borough Council to keep secret the extent of a ransomware attack in January 2020. This pressure for secrecy caused problems for the council when it come to dealing with the attack and left the local residents wondering what was happening. This was requested, with a promise of central government covering the cost of the attack – then COVID happened and the council had to find the money.
Your take away from this is, excepting company secrets, you should be in communication with your stake holders if you have a cyber incident – and remember you may have n obligation to report the incident to the ICO.
Clive Catton MSc (Cyber Security) – by-line and other articles
