UK Lawmakers Raise Alarm Over the Future of National Galleries and Museums Amid Cybersecurity Failures
British lawmakers have issued a stark warning regarding the precarious future of the United Kingdom’s national galleries and museums, citing the government’s serious shortcomings in addressing cybersecurity threats. The Parliament’s Public Accounts Committee (PAC) made these assertions in a detailed report published on June 24, emphasizing that the Department for Culture, Media and Sport (DCMS) has been notably inactive when it comes to tackling critical strategic challenges posed by cyber threats.
The PAC’s report underscores that the DCMS has adopted a reactive stance rather than a proactive, strategic approach. While the department has certainly identified pressing issues requiring attention, there have been scant examples of the initiation of significant actions that would result in meaningful improvements or protections for these institutions. This lack of initiative raises concerns about the ability of national galleries and museums to protect not only their digital assets but also their physical collections from various threats.
The potential repercussions of government inaction are significant. The PAC has highlighted that neglecting cybersecurity might expose these cultural institutions to not only cyber threats but also to physical dangers. It has called for the DCMS to clearly outline “concrete actions” that it has undertaken or plans to take in addressing these multifaceted threats. The committee referenced past incidents, such as the ransomware attack that struck the British Library and the thefts that occurred at the British Museum, as evidence of the government’s failure to adequately shield these crucial cultural assets.
The PAC’s findings note, “While it is primarily up to museums and galleries and their trustees to address their physical and cybersecurity, the department has an important role in capturing lessons from such events and sharing these across the sector.” Yet, despite facilitating discussions around the lessons learned from these high-profile incidents, the DCMS could not provide concrete examples of actions taken to protect the systems and collections of other museums and galleries.
Recognizing the urgency of the situation, the report outlines a proposed plan of action from the DCMS. While the department has acknowledged its previous approach focused mainly on reactive support following cybersecurity incidents, it claims to be shifting toward providing more centralized advice on bolstering cyber resilience across the sector. The plan includes collaborating with museums and galleries to tackle existing skills shortages in cybersecurity and developing ‘artefacts’ — resources or frameworks that can be tailored and shared among the sector’s various institutions.
Furthermore, the DCMS pointed to its Cyber Action Plan as evidence of its commitment to enhancing cyber resilience among public bodies with a target date of 2030. This ambitious plan, bolstered by a governmental investment of £210 million (approximately $285 million), aims to improve baseline security standards, offer centralized government support, mitigate risks associated with outdated technology, and enhance incident response capabilities across the board.
One particularly alarming case highlighted by the PAC involved the catastrophic ransomware attack on the British Library. This incident not only crippled much of the library’s server infrastructure but also resulted in the loss of 600GB of internal data. The financial implications have been severe; in 2024, the British Library reported expenditures totaling £1.6 million solely for recovery efforts following the breach.
The warnings from lawmakers resonate with cultural stakeholders across the UK, who fear that without decisive action and a robust strategic framework from the government, these invaluable institutions may remain vulnerable to both cyber and physical threats. As more museums and galleries increasingly rely on digital technologies to manage collections and engage the public, the significance of safeguarding their cyber infrastructure becomes ever more critical.
In summary, the report released by the PAC illuminates a pressing issue that must be addressed. The intersection of culture and cybersecurity is more relevant now than ever, requiring immediate and thoughtful action from the DCMS to ensure the future sustainability of the UK’s national galleries and museums in an increasingly digital world.