I always thought the best-written and most useful pieces of communication produced at GDS were our incident reports. As I remember, they used to be only internal but now, splendidly, they're on the blog.
This is a textbook example from Dai. It's technically accurate yet understandable by the layperson. It describes what happened and what mistakes were made, clearly, without hysteria and lays out a plan for fixing it.
One of the reasons these are so good is that they're written by the people who worked the problem; they're not filtered through a comms team.
Wouldn't it be useful if we got one of these that everyone could read about WannaCrypt / the NHS hack?
It would have to start with the immediate technicalities. And I guess there'd have to be hundreds of different ones, because responsibility in the NHS is so dispersed. But maybe someone (NHS Digital?) could draw them together.
The 'what next' section would be tricky. It would be difficult to expect the authors of an incident report to address decades of failed leadership and exploitation by vendors but they might at least get to point out that this is the failure of a system and a culture, not the individual fault of some administrators or engineers.
More importantly, as these incident reports started to accumulate - because the incidents aren't going to stop - they'd constitute a body of evidence about the problems we're facing. And they'd be a valuable resource in the education of the journalists and decision-makers who currently babble away so cluelessly about this stuff.
(Obviously, it's possible this already exists, or someone's working on it, and it's a well-established procedure. If this is the case then someone should be working on making it easier to find.)