Skip to main content Skip to accessibility
This website is not compatible with your web browser. You should install a newer browser. If you live in Jersey and need help upgrading call the States of Jersey web team on 440099.
Government of

Information and public services for the Island of Jersey

L'înformâtion et les sèrvices publyis pouor I'Île dé Jèrri

Jersey Cyber Security (FOI)

Jersey Cyber Security (FOI)

Produced by the Freedom of Information office
Authored by Government of Jersey and published on 05 February 2024.
Prepared internally, no external costs.


Following the publication in the Jersey Evening Post (JEP) on 8 January 2024, the Jersey Cyber Security Centre (JCSC) has advised that 80% of cyber-attacks in Jersey originated from Russian sources.  Please confirm the following:


Please share the JCSC source data for this claim, including the mechanisms behind how this data was captured and validated by the JCSC. 


Please provide a percentage breakdown by sector for these attacks.


Please share a breakdown in type of attacks recorded, for example, phishing, DDOS, Business Email Compromise and so on.


Please provide information on what the JCSC's remit and mandate is to ensure the Government of Jersey (and associated agencies and arm’s length bodies) are maintaining the Cyber Essentials standards and where this is published.  Ideally also providing a link to the Cyber Essentials certification for Government of Jersey to provide comfort to the citizens they information provided to Government is appropriately protected.


Please share which Government of Jersey departments, agencies, partners and arm’s length bodies were included in the pan island incident response exercise referenced in the JEP article.


A, B and C

This information is exempt under Article 33 of the Freedom of Information Law because an understanding of techniques used by the Jersey Cyber Security Centre (‘JCSC’)  would provide a malicious actor with information that could support their actions. 


JCSC is not responsible for Government of Jersey information systems. The remit and mandate for JCSC is outlined in the Ministerial Decision which establishes the Jersey Cyber Security Centre, please see the link below:  

Ministerial Decisions 25 August 2023 ( 

Please see the following link for information in relation to the Government of Jersey Cyber Essentials certification. Article 23 of the Freedom of Information (Jersey) 2011 has been applied.  

Cyber Essentials (​


The Pan-Island incident response exercise was attended by representatives from a range of Critical National Infrastructure organisation. A full list of participants is qualified exempt under Article 33 of the Freedom of Information Law as it would enable malicious actors to identify which organisations did not attend this session and which are potentially more vulnerable to attacks.

More information on the activities of the Jersey Cyber Security Centre will be published on the Jersey Cyber Security Centre website as metrics become available, starting from Q3 2024. 

Articles applied

Article 23 - Information accessible to applicant by other means

(1) Information is absolutely exempt information if it is reasonably available to the applicant, otherwise than under this Law, whether or not free of charge.

(2) A scheduled public authority that refuses an application for information on this ground must make reasonable efforts to inform the applicant where the applicant may obtain the information.

Article 33 - Commercial interests

Information is qualified exempt information if –

(a) it constitutes a trade secret; or

(b) its disclosure would, or would be likely to, prejudice the commercial interests of a person (including the scheduled public authority holding the information).

Public Interest Test

Article 33 is a qualified exemption and as such, Government of Jersey has conducted a prejudice test as required by law. 

When responding to requests of this nature, Government of Jersey has to balance the public interest with the impact that disclosing this information would, or would be likely to, have upon the organisation and / or third parties. Whilst it may be in the public interest to understand the techniques used by the Jersey Cyber security centre, protecting the security interests of Government of Jersey is an essential component in providing cyber security in a safe way, which in itself is in the public interest.

It has been concluded that disclosing details of the methods used is likely to prejudice the interests of Government of Jersey. When considering the application of this exemption, Government of Jersey has determined that whilst it is in the public interest to disclose information, this is outweighed by the necessity to limit any impact on the commercial interests of Government of Jersey and third parties in future contract negotiations, and as such, Article 33 has been applied.​

Back to top
rating button