The British Library shares learnings from the cyber-attack

In a paper published on 8 March, the British Library shares learning lessons from the cyber-attack in October 2023 with the hope that it might help other organisations to plan and protect themselves against these kinds of attacks.

The Library writes that the threat of aggressive and disruptive cyber-attacks is higher than ever, and the organisations behind these attacks are increasingly advanced in their techniques and ruthless in their willingness to destroy whole technical systems. This is of especial importance for libraries and all those institutions who share the Library’s mission to collect and make accessible knowledge and culture in digital form, and preserve it for posterity. Though the motive of the attack on the British Library appears to have been purely monetary, it functioned as, effectively, an attack on access to knowledge.

The paper examines implications of the cyber-attack for the Library’s operations, future infrastructure, risk assessment and lessons learned. Its purpose is to ensure a common level of understanding of key factors that may help peer institutions and other organisations learn lessons from the Library’s experience. The section ‘Learning lessons from the attack’ (pages 17-18) highlights 16 key lessons.