Focus Report on Perceptions of Cyber Security Issues

Jun 2016

In February 2016, Digital Health Intelligence surveyed NHS IT leaders on their current priorities and attitudes to a range of emerging issues. Those surveyed were members of the Health CIO and CCIO networks. Included in the annual survey were a series of questions about attitudes to the emerging area of cyber security. Digital Health Intelligence has extracted and analysed these responses for this focus report on perceptions of cyber security issues.

The survey responses indicate that cyber security is a low priority for the majority of NHS IT leaders. In a ranking of 15 priority areas, it was ranked 14. Similarly, when asked about priority IT skills for future recruitment, cyber security was at the bottom of the list; even though these skills tend to be at a premium in other sectors.

However, when respondents were asked about their board’s attitudes to a range of IT issues, 42% of respondents said they believed their board was concerned about cyber security. This suggests that a significant number of boards have the issue on their radar, at least.

Free text responses to a question on cyber security risks also paint a more nuanced picture. They suggest that cyber security is, in fact, a ‘Marmite issue’, with some NHS IT leaders seeing the risks as high and growing, and others seeing them as over-hyped.

CCIOs, in particular, were likely to be unfazed by cyber security threats; or to see them as the domain of their more technically minded and expert colleagues.

However, some health CIOs also expressed concern that trusts lack the necessary skills, and need more support from both specialist suppliers and national bodies, such as the Health and Social Care Information Centre; which has since set up a CareCERT.

There was also a view that cyber security risks should be manageable; and that managing them should not get in the way of much needed initiatives to digitise care, share information, and create new patient services. “Security is a risk, but it is a balance. The public generally understand this,” the CIO of one foundation trust argued.