We are seeing a lot of people commenting on the under investment in cybersecurity in the NHS. This was something I pushed during a recent BBC news appearance on WannaCry, the BA IT failure and Petya/NotPetya. 

Is it just the NHS though? As fas as I can tell there has been massive underinvestment across most critical national infrastructure as well as the broader commercial market. 

There will be some board members that feel they have spent too much of securing their IT. 

But have their security teams invested their money wisely on the right people, processes, technology, partners and services? Many have thrown money at technology that is not a magic bullet on its own.