About our data

Reporting quarters are based on the calendar year, 1 January to 31 December.

We receive reports of incidents from both individuals and organisations. They choose how much or how little they feel comfortable providing, often about very sensitive incidents. We will not share specific details about an incident, without the reporting party's consent.

We aren't always able to verify the information we receive, though we try to, particularly when dealing with significant cyber security incidents.

The way we collect and use the information provided to us is set out in our privacy and information statement.