Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, pursuant to the Answer of 12 September 2017 to Question 7589, whether the Minister has made an assessment of differences in risk levels to cyber security between Civil Service staff and staff working for private firms contracted to do work by the Government.

All roles with access to sensitive information or systems are risk assessed. Staff and
contractors are vetted to the appropriate level to manage these risks.

Contractors working for Government departments are subject to the same security
standards and training as civil servants depending on their access to government systems
and information. Basic cyber security awareness is an essential protection against attacks
such as email phishing and departments are already providing training for their staff and
contractors on this.