This paper aims to provide an overview of the cyber-attack on the British Library that took place in October 2023 and examines its implications for the Library’s operations, future infrastructure, risk assessment and lessons learned. Its purpose is to ensure a common level of understanding of key factors that may help peer institutions and other organisations learn lessons from the Library’s experience.
Structured in six sections, the review outlines the effect of the attack on the delivery of the Library’s mission and its public purposes. The impact on the Library’s systems and services has been deep and extensive. Staff across the Library have been working hard on full restoration, sharing updates with users. Future risk assessments must take into account the increased risk of major attacks on the Library and the significant culture change needed to fully embed cyber security at the heart of technology rebuild and all processes going forward.
Finally, the report aims to ensure a common level of understanding of key factors that may help libraries, peer institutions and other organisations to learn lessons from the British Library’s experiences since the attackers first struck. To this end, the paper also contains a list of lessons learned, including some that may have wider relevance to the Library’s peers and partners.
