Hope as a strategy!
"hopefully, they won't fall over and won't be subject to [a] risk of cyber-attack"
The UK's department for farming and agriculture has said it is "confident" it is managing the risk related to a whopping 30 percent of its applications being out of vendor support. The Department for Environment Food and Rural Affairs (Defra) has one of the biggest problems with legacy IT across all UK government departments, …
No my dear, it's much, much worse than described
Having just been through the delights of Cyber Essentials (we were informed that, were we to not be certified, Bad Things would happen to us from our parent Government body - who, ironically, are not themselves CE certified) I can confirm that the whole process is much, much worse. A lot of it is utterly pointless form filling. The irony is that (unlike how it used to be) they don't actually check to see whether the data you've given them is real (they used to come on-site and do an inspection of the data and then do some random sampling). Then the process changed and all that went away.
Automatic fail is to be running stuff out of vendor support unless it's so segregated from your network so as to be effectively unusable.
So Defra clearly are being held to a different standard - is their minister a chum of the Cabinet Office minister?
Depressingly common.
The bean counters/C-Suite routinely ignore warnings of systems/software coming up to their end-of-life, yet decide to do nothing about modernising it. All too often the belief is that, as it's not broken, it's not worth spending money on.
I've lost count of the number of times I've raised issues with stuff going end-of-life, raising risks when it *does* go end of life, yet still can't make those at the top commit to doing something about it.
What is especially annoying is that these idiots still expect platinum support on systems that should have been retired years ago, then get all arsy when they don't get it!