Cyber-attack: Our response and recovery from a major cyber-attack

On 24 December 2020, we were subject to a serious and complex cyber-attack, displaying significant stealth and malicious sophistication, which significantly impacted our organisation, our staff, our public and private partners, and the communities who rely on our services. 

Since the attack, we have worked with Scottish Government, Police Scotland, the National Cyber Security Centre (NCSC) and the Scottish Business Resilience Centre (SBRC), to a clear recovery strategy.

Learnings from the cyber-attack

We voluntarily commissioned reviews from independent experts to help:  

  1. ensure that SEPA further enhances its cyber security as the organisation builds new systems and practices.
  2. allow others to learn from SEPA’s experience to help better protect themselves from cyber-crime.  

We are publishing as much as we can of the reviews so that as many organisations as possible can use our experience to better protect themselves from cyber-crime and have committed to supporting Police Scotland and Scottish Business Resilience Centre in their work on highlighting the support available to organisations to be cyber ready, resilient and responsive.

Our service status

Throughout our response and recovery activities, we published a weekly service status, detailing progress on our affected systems and services. We'll continue to update our service status on a weekly basis so that we’re clear on what those we work with can expect and how we'll prioritise progress.

Our current service status information.

Regulatory approach hub

SEPA committed to supporting regulated businesses during EU exit and COVID-19 and our response to the cyber-attack whilst maintaining protection for Scotland’s environment, communities and our people by publishing information on our regulatory approach website. As organisations re-open, we have now withdrawn this website and the temporary regulatory position statements (TRPS) it included.

You can find current information on the following regulatory positions on our website:

If you require to view a withdrawn TRPS, please contact us.

Further information

Cyber security advice:

Contact us:

Further reading: