UK Museums Warned of Growing Cybersecurity Threats
▼ Summary
– UK lawmakers warn that national galleries and museums face a dangerous future due to government neglect on cybersecurity.
– The Public Accounts Committee criticized the Department for Culture, Media and Sport for being reactive rather than strategic on threats like cyber attacks.
– The committee cited the British Library ransomware attack and British Museum thefts as evidence of the government’s failing approach.
– DCMS acknowledged it has supported institutions reactively after attacks but is now working on central advice to improve cyber-resilience.
– The government’s Cyber Action Plan, backed by £210m, aims to boost cyber resilience across public bodies by 2030.
British lawmakers have issued a stark warning that the nation’s galleries and museums are heading toward a dangerous future due to government failures on cybersecurity. The Public Accounts Committee (PAC) released a report on June 24 criticizing the Department for Culture, Media and Sport (DCMS) for being reactive rather than proactive when it comes to tackling “strategic challenges” like digital threats.
“The department has been reactive rather than strategic, having identified issues that need addressing, but with few examples of it initiating concrete action as a result,” the PAC stated. The committee further cautioned that this neglect could expose cultural institutions to both physical security risks and cyberattacks. It is demanding that DCMS outline specific measures it has taken or plans to implement to address these vulnerabilities.
The PAC pointed to the ransomware attack on the British Library and recent thefts from the British Museum as clear evidence of a failing approach. “While it is primarily up to museums and galleries and their trustees to address their physical and cybersecurity, the department has an important role in capturing lessons from such events and sharing these across the sector,” the report noted. However, the committee added that although DCMS facilitated some information sharing after these incidents, it could not provide concrete examples of resulting actions to protect systems and collections.
In response, DCMS acknowledged its previous focus had been on reactive support and best practice sharing, such as having the British Library relay its experience to other “arms-length bodies.” The department assured the PAC it is now working closely with organizations to provide central advice on improving cyber-resilience, minimizing threats, and addressing skills shortages. It also referenced its Cyber Action Plan, backed by £210 million ($285 million) in government funding, as a key initiative to boost baseline security standards, tackle legacy technology, improve risk visibility, and enhance incident response by 2030.
The British Library ransomware attack caused extensive damage to its server infrastructure and resulted in the theft of 600GB of internal data. The library reported in 2024 that recovery costs had already reached £1.6 million.
(Source: Infosecurity Magazine)
