Dr. Richard Browne:

Yes. We have not ever named a state as being responsible for a cybersecurity incident in this country. The widely promulgated responsible actor for the HSE incident is in Russia and is largely regarded as being based in a Russian city. We would not demur from that analysis, although we have never named the threat actor involved. That is an important detail.

On top of that, regarding the hotlist of most active countries, I will refer to a recent Microsoft report that backs up decades of industry experience. The four countries seen as largely responsible for the bulk of cybersecurity incidents are the Russian state, which is responsible for up to 65% of cybersecurity incidents globally, according to the Microsoft report published late last year, China, North Korea and Iran. Those are the four states generally regarded in the literature as being responsible for the majority of cyberattack offences. They do different things and focus on different types of actions, but that is what it is.