Question to the Cabinet Office:

To ask the Minister for the Cabinet Office, pursuant to the Answer of 23 October 2017 to Question 108121, what discussions he has had with representatives of Deloitte on the reasons why information was only received in September 2017 given the cyber attack was discovered by that company in March 2017.

Deloitte notified the National Cyber Security Centre (NCSC) of a cyber incident affecting their US operations in September 2017. The NCSC engaged with Deloitte to establish whether there were any UK impacts, and identify mitigation measures. While the NCSC advises organisations to report significant cyber incidents immediately, it is at the discretion of the company to choose if and when to do so. The Minister for the Cabinet Office did not have discussions with Deloitte representatives on this matter.