This is, not for the first time on this subject, some seriously bent government PR. I have firsthand views of the lack of spend going on infosec in certain areas of the utility sector. I have firsthand evidence of instrumentation important to the financial wellbeing of the country running Windows 98SE, and even DOS, in networked environments. Ironically, pre-microelectronic systems are less vulnerable to cyber threat, though they are disadvantaged in that they've been out of production for over 40 years, are more manpower-intensive, and are coming to the end of their electromechanical life. This may not seem a direct problem, but screw with the instrumentation and you can seriously screw with supply.
OFWAT, OFGEM, OFCOM and other quangos responsible for establishing funding for regulated businesses all have a hand in this, but there is a serious disconnect between the objectives of those quangos and those good people at BEIS and NCSC respectively. The latter don't hold the purse strings but carry the cyber mandate. The former won't care until something is broken that costs more than pre-emptive intervention.
Herr Hitler employed similar tactics in the Third Reich: divide and conquer was the default approach, even internally. Establish multiple groups with deliberately conflicting objectives to maintain control at the top, at the expense of everyone else.