EXECUTIVE SUMMARY:

CIOs have a tough enough job as it is. But when their recommendations to better secure the organization following a massive cyberattack are shot down, that job becomes even tougher. That is the situation that has played out at the National Health Service (NHS) of the UK. NHS Digital claims that investing in the cybersecurity recommendations would be too expensive, according to Computing.

The NHS, as you might recall, was hit hard in 2017 by the WannaCry ransomware attack. In response, the government commissioned a review to analyze what happened. That review, conducted by NHS Chief Information Officer (CIO) Will Smart, estimated that the overall cost of the attack came to about £92 million. Of that, an estimated £20 million was spent dealing with the five-day attack. And according to The Daily Mail, an additional £72 million was spent on IT support in June and July to recover from the virus.

To ensure better security moving forward, the report recommended a system-wide IT security upgrade for all NHS trusts, which would require meeting a standard called Cyber Essentials Plus. The recommendations were endorsed by the National Cyber Security Centre (NCSC). Meeting that requirement carries an estimated cost of between £800 million and £1 billion.

According to Computing, the recommendations are a no-go. “NHS Digital has opposed adoption of the recommendations on the grounds that they would not ‘be value for money’.”

Get the full story at Computing.