Question to the Ministry of Defence:

To ask the Secretary of State for Defence, how many civilian staff employed in his Department have received information security training each year since 2010.

All Ministry of Defence (MOD) personnel are required to undertake initial and refresher information security training to ensure they can recognise threats to security and can respond appropriately. This consists of the Defence Information Management Passport online course, which must be retaken every three years, and annual attendance at a General Security Threat Brief (this covers all elements of protective security and includes information and cyber security).

In the period 1 February 2021 (when Version six was introduced) to 1 March 2022, a total of 19,307 MOD civilian staff completed or refreshed their DIMP in accordance with the three-yearly cycle. Longer term training records will be held locally by business areas. General Security Threat Briefs are delivered locally, and no data regarding attendance is held centrally. In both cases, collating this information would involve going out to all sites across MOD, and this would incur disproportionate cost.

As well as mandatory information security training, the MOD has a Cyber Awareness, Behaviours, Skills and Culture Programme that is targeted at all-staff and continually seeks to enhance their cyber security behaviours, both at home and at work; this is supported by novel and engaging awareness campaigns under the 'Cyber Confident' header.