Our report on Cyber Resilience and why we’re not publishing it

Our report on Cyber Resilience and why we’re not publishing it
14 January 2021
Woman looking at tablet device

We made this decision following advice from experts in the field of cyber security

Cyber-attacks are a common and growing threat to public bodies in Wales. To make sure we don’t increase the threat level in any way, we have decided not to publish our report on cyber resilience.

We have taken this unusual step because of the expert advice we’ve had that suggests there is a risk of our report provoking a cyber-attack on Welsh public bodies.

Nevertheless, we are still determined to get our report in front of those who need it most. So, we have distributed the report securely and confidentially to the senior leaders of public bodies. And we will be looking for other opportunities to share the learning from our work by presenting at various forums.

Our work aims to leave these senior decision makers in no doubt about the critical importance of cyber resilience. We hope the report will help them reflect on their organisational arrangements, as well as their personal responsibilities, given that the buck ultimately stops with them.

Our main findings are that cyber-attacks are a common and growing threat to public bodies in Wales and there is scope to strengthen resilience through clearer responsibilities, better planning and increased awareness and skills.

Our report provides much more detail than that and points public bodies to key sources of good practice. We shared other useful information on good practice during a webinar we ran on cyber resilience in September. View our blog for more information and to access our recording.

Many thanks to everyone who has contributed to this work and if you have any feedback, please get in touch with Stephen Lisle – stephen.lisle@audit.wales.