This week SC revealed the Audit Commission and a number of other public bodies do not have intrusion detection systems (IDS) in place to prevent hacking attempts, industry insiders views on this ranged from "surprising", to "naïve".
But the Audit Commission argues it systems are perfectly well protected without IDS in place.
"We believe we have proportionate and effective measures in place against present security risks to the Audit Commission," said a Commission spokeswoman. "The majority of our content is in the public domain and we do not operate large transaction processing systems. However, as our strategy evolves we will continue to assess our security, including whether there is a need for intrusion detection software."
The Audit Commission is an independent watchdog responsible for ensuring that public money is well spent. It's remit covers over 14,000 UK bodies.
The Department of Health (DoH) and the Department for Trade and Industry (DTI), two more public bodies without IDS, also admitted they are reviewing their position on network security.
The news was greeted with some surprise amongst information security experts. One, who wished to remain unnamed, said he had worked with the public sector and the attitude was "it hasn't happened yet, so we don't need to protect ourselves against it." As he pointed out, the recent Sumitomo Mitsui incident proves otherwise.