Wannacry, the board and the IT department