Richard Browne

Good morning, David.

How are you?

So on average, we get between 30 and 40.

It varies, obviously, month to month cyber attacks that reach our threshold.

And we have a multistage process we go through that rates incidents on a scale.

30 or 40.

So we've more than 200 this year so far.

But of that 200, only about 10 or 12 are large enough to actually merit a formal response by us.

But we see an ongoing cadence of incidents all the time of a variety of different types.

So we see cyber attacks come in a wide range of different types of, in terms of scale, complexity, and their impact on the public.

The ones people will be most familiar with, I'm sure, are ransomware, which is where somebody breaks into a system, locks it or encrypts it, then demands money for the return of data.

And we see those, we've had four or five of those in the last couple of weeks alone here.

That's unfortunately a very common criminal type of actor.

We also see what we call hacktivism, which is

And those types of attacks are very often denial of service attacks or attempted denial of service attacks, which is simply where an actor just takes a load of data and fires it at a website or a system, try and knock it over and remove it from service for a while.

And these are just nuisance type attacks.

We also then see espionage on a fairly regular basis, which is where state or non-state actors seek to steal information from a public body, a research institution, whatever it might be.

And then, of course, much more rare, but it does still happen, are destructive attacks, where someone actively tries to break something, remove a service, break into a system and remove it from operation somehow.

So cyber attacks are a broad spectrum.

Most of them are relatively limited in their effect, but some can be particularly dangerous as well at the same time, as we've seen in the past.