The number of NHS trust staff with IT security qualifications has almost doubled since 2018, new data suggests.
The research also shows that trusts reported an average of two breaches to the Information Commissioner’s Office in 2020, a slight drop from 2019 (2.5).
Meanwhile, the majority (83 per cent) of trusts commissioned at least one penetration test from an external third party in 2020.
Freedom of Information data obtained by cyber security services firm Redscan shows that trusts had an average of 2.8 employees with professional IT security qualifications in 2020, versus 1.9 in 2018.
One in four trusts had no qualified IT security professionals in 2018, a figure which has now fallen to one in seven.
On average, NHS trusts reported fewer data breaches in 2020 than they did in 2019. While this appears to be a positive trend, more than two-thirds of trusts reported the same number or even more breaches in 2020 than in 2019. Just over 30 per cent of trusts reported fewer breaches.
A shortage of skilled cyber security professionals is a problem for organisations across all sectors, including healthcare, but the NHS appears to have closed the skills gap in recent years.
In 2018, Redscan found that, on average, trusts had just one member of staff with professional security credentials per 2,750 employees.
In 2020, this ratio improved significantly, to one qualified security professional per 1,996 employees. Over the same period, the proportion of trusts with no qualified security personnel decreased from 23 to 15 per cent.
As was the case in 2018, there remains little consistency in terms of money spent on IT security training across NHS trusts.
For example, while one trust spent £78k on security training in 2020, more than half of respondents (58 per cent) spent nothing, only requiring employees to complete mandatory annual NHS Digital information governance training.
Mark Nicholls, CTO of Redscan, said: “In 2018, our FOI revealed a large disparity in cyber security skills and training spend across the NHS. Fast-forward two years, and our latest report provides a valuable snapshot of how the situation has changed.
“It suggests that while disparities in training spend and penetration testing still exist, trusts are more likely to have qualified security professionals on staff and are also reporting fewer breaches compared to 2019.
“With more and more healthcare organisations being targeted by attackers, every NHS trust needs to ensure it is prepared for the challenges ahead. To deliver an effective service, organisations must continuously improve their defences to protect the patient data and infrastructure they rely on to save lives.”