Redscan submitted Freedom of Information requests to 226 NHS trusts in total, reported the FT. Of these, 43 confirmed they had not allocated any funding for cyber security training or expertise between August 2017 and August 2018.
Sixty-seven trusts failed to respond.
That shocking admission was offset by the news that those NHS trusts instead relied on the free training provided by NHS Digital – the IT supplier for the national health service.
The Redscan survey also revealed that NHS trusts lack sufficient in-house cyber security expertise, which is worrying after the WannaCry ransomware spread rapidly through computer systems around the world in May 2017, during which it crippled huge swathes of NHS IT infrastructure.
The survey also discovered there is a wide imbalance in employee cyber security training and spending between trusts; and that many trusts are likely to be failing to meet training targets on information governance.
“Nearly a quarter of trusts have no employees with security qualifications (24 out of 108 trusts), despite some employing as many as 16,000 full and part-time personnel.”