Cybersecurity statistics
Case reference FOI2026/00021
Received 6 January 2026
Published 4 March 2026
Request
I am writing to request information on your organisation's recent experiences with cybersecurity incidents. Specifically, I would be grateful if you could provide responses to the following questions:
1. How many successful breaches has your organisation experienced in the last five years?
2. Following your most recent breach, did you disconnect any affected systems or devices from the internet?
3. How long did it take to mitigate the threat and restore normal operations after your most recent breach?
4. Is your organisation currently reviewing or updating its cyber incident response policies to strengthen system isolation, disconnection, or containment measures?
Response
1. How many successful breaches has your organisation experienced in the last five years?
2. Following your most recent breach, did you disconnect any affected systems or devices from the internet?
3. How long did it take to mitigate the threat and restore normal operations after your most recent breach?
We can neither confirm nor deny that any of this information is held, by virtue of the exemption at Section 31(3), for law enforcement, of the Freedom of Information Act 2000. This provides that the duty to confirm or deny does not arise if, or to the extent that, compliance with Section 1(1)(a) would, or would be likely to, have the effects mentioned in Sections 31(1)(a), 31(1)(b) and 31(1)(c), i.e. it would, or would be likely to, prevent the detection of crime, the apprehension or prosecution of offenders, or the administration of justice.
We have considered the public interest in confirming or denying if any of the information is held. Confirming if any information is held would be consistent with the general principle of transparency. However, it would also reveal information that would be likely to prejudice the detection of crime, the apprehension or prosecution of any offenders, and the administration of justice.
Please note that no inference should be taken from this response that any information is or isn’t held.
4. Is your organisation currently reviewing or updating its cyber incident response policies to strengthen system isolation, disconnection, or containment measures?
National Highways routinely reviews and updates its security incident response plans to ensure they are effective in light of a dynamic threat and hazard environment. Incident response plans are aligned to industry standards such as the CAF (Cyber Assessment Framework).
This is National Highways' response to a freedom of information (FOI) or environmental information regulations (EIR) request.