Learning lessons from the cyber-attack – British Library update and 18 page report, 8 March 2024

Today, we’ve published a paper about the cyber-attack that took place against the British Library last October. Our hope is that doing this will help other organisations to plan and protect themselves against attacks of this kind.

The threat of aggressive and disruptive cyber-attacks is higher than it has ever been, and the organisations behind these attacks are increasingly advanced in their techniques and ruthless in their willingness to destroy whole technical systems.

This is of especial importance for libraries and all those institutions who share our mission to collect and make accessible knowledge and culture in digital form, and preserve it for posterity. Though the motive of the attack on the British Library appears to have been purely monetary, it functioned as, effectively, an attack on access to knowledge.

The paper is informed by our expert advisers and specialists, but is our own account, updated and adapted from our internal investigations into the incident. It gives a description and timeline of the attack, to the best of our current understanding, and its implications for the Library’s operations, future infrastructure and risk assessment. Its goal is to share our understanding of what happened and to help others learn from our experience, with a section (‘Learning lessons from the attack’, pages 17-18) drawing out 16 key lessons. You can download and read it here….