Well, this is fine, just so long as those “public bodies” all have backup/recovery plans, and backup storage storing just however many minutes, hours, or days that are acceptable to lose data for, when they get hit with ransomware encryption. It’s all a matter of cost, if you have backups, and systems can be wiped, reset, reconfigured, in an acceptable amount of time, then the ransomwarers can get fucked.
If you get hit, and either don’t have the backups before the encryption, or taking the time and expense to staff up IT consultants to wipe/reset/reconfigure/test is financially ruinous, then it’s you who are fucked, if you’re legally barred from paying the ransom (which 95% of the time works just fine, aside from, you know, financially supporting terrorists and terrorist states).
I’d always suggest being prepared with a backup recovery plan, and educating the principals just how long it’s going to take from “go” to “back up to where we were functionally before we got hit”, how much that’s going to cost upfront pre-emergency, and projected costs for downtime back to uptime.
I dunno. The proactive approach you’re describing doesn’t sound very public sector. Why invest money in something when you could just ignore the issue, cross your fingers and hope it happens to someone else, not you?
What you said sounds just like the private sector.
Every sector.
We haven’t had dragons attack in 50 years! Why do we still need that wizard with his protective spells?
Tbh it was probably a criticism of capitalism more than the public or private sectors. Why consider the long term when you could just cut costs to inflate short-term profitability?
In the private sector, it’s done out of greed. In the public sector (where nothing is ever properly funded because no one likes taxes), it’s done out of necessity.