Britain’s museums and galleries remain vulnerable to thefts and cyber-attacks that could put priceless collections at risk, MPs have warned.
A report by the Public Accounts Committee (PAC) said major security failures in recent years, including the theft of thousands of artefacts from the British Museum and a cyber-attack on the British Library, had exposed serious weaknesses across the sector, while the Government has failed to take a strategic approach to preventing similar incidents.
The warning comes less than three years after the British Library suffered a cyber attack attributed to the ransomware group Rhysida, which disrupted digital services for several months. The same year, the British Museum revealed that about 2,000 objects had been stolen, damaged or gone missing from its collections over a period of years.
One of the PAC’s central criticisms is the lack of strategic leadership from central government. Museums operate as “freedom bodies”, with independent trustees and autonomy over procurement, systems, and operational decisions.
This autonomy extends to technology choices. Institutions are not required to adopt shared platforms or standardised systems, and participation in government procurement frameworks is optional. While this enables flexibility, it also produces fragmentation across the sector. Similar functions are often delivered by different platforms across institutions, visibility into systems is inconsistent, and there is no unified approach to lifecycle management or security assurance.
“This report underlines the fact that growing volumes of increasingly sophisticated cyber attacks pose a major threat to Britain’s museums and galleries,” said Simon Edwards, CEO, SE Labs. “The reality is that these organisations are often seen as a soft target for hackers due to the large amounts of customer data they process along with perceived security weaknesses when compared to other public bodies. That’s why it’s vital that a dedicated cyber strategy is put in place to protect these treasured institutions and ensure rigorous testing to identify any security holes and keep hackers at bay.”
While the report does not set out specific attack scenarios, it highlights an increasingly converged risk environment. Modern museums typically rely on networked systems for both cyber and physical security, including digital asset registers and collection databases, RFID tagging and tracking systems, networked CCTV and access control infrastructure, environmental monitoring sensors for preservation, and integrated building management systems.
The PAC notes that improved digitisation has strengthened record keeping and supported theft detection. However, it also acknowledges that lessons from past incidents have not yet translated into consistent, sector-wide changes.
“Our museums and galleries are a treasured part of the fabric of our nation. The role they play in educating our people, preserving our shared history and showcasing our country to the world is quite simply priceless,” said Sir Geoffrey Clifton-Brown, Chair of the Public Accounts Committee. “However, they are being let down by a lack of leadership from the Department of Culture, Media and Sport, which appears to have taken an almost hands-off approach to the challenges they face. Cyber-attacks, the theft of items from collections, and a fall in the number of visitors are just some of the issues museums and galleries are fighting to overcome.”
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.
