Question to the Ministry of Defence:

To ask His Majesty's Government, following the recent cyber-attack targeting the personal details of UK military personnel, what steps they are taking, if any, to review their current data security protocols and cyber defence strategies.

The Cyber Resilience Strategy for Defence is already driving forward a programme of work to improve Defence’s cyber security. The Cyber Resilience Strategy was reviewed recently and remains valid. This includes adopting a Secure by Design approach to ensure security is built into our programmes from the outset and managed effectively on a through life basis.

With regards to the recent cyber incident specifically, the Ministry of Defence (MOD) has commissioned an independent review into what happened and lessons that can be learned. This will include examining Data and Information Security, the involvement with the contractor and the wider use of systems which process personal data. In addition the MOD are conducting a full review of the Information Security measures that were in place in this contract. Should the independent review suggest that further measures are necessary, the MOD will review these recommendations and implement such changes as are necessary to ensure the continued security of all MOD's data.