To ask the Minister for the Cabinet Office, pursuant to the Answer of 20 December 2018 to Question 202801, for what reason no reference was made in that Answer to the number of Government Departments which use (a) a system for identifying external emails to recipients and (b) a protocol for timely staff reporting of suspicious emails.
Cabinet Office does not hold this information centrally. It is the responsibility of each government department to manage how they receive external emails and report suspicious emails based on their security requirements. Domain-based Message Authentication Protocol (DMARC) is the system in which Departments identify external email.
The NCSC provides guidance and support to government departments on how to implement good cyber hygiene for staff, including the reporting of suspicious emails of which Cabinet Office have no central record of these figures.