Recommendation 3

The Department is not doing enough to ensure museums and galleries apply learning from recent threats to the physical security of their collections and their cyber security. Museums and galleries face significant challenges on cyber-security and the physical security of their collections, as evidenced by the October 2023 cyber-attack at the British Library and the thefts reported in 2023 at the British Museum. While it is primarily up to museums and galleries and their trustees to address their physical and cyber security, the Department has an important role in capturing lessons from such events and sharing these across the sector. Although the Department has facilitated the sharing of lessons from these two cases, it could not provide us with specific examples of actions taken as a result to protect museums’ and galleries’ systems and collections. A number of possible controls could be put in place, including the use of digital technology to endure proper record keeping which could help prevent items going missing without people knowing while also increasing access to collections. recommendation The Department should set out the concrete actions it and museums and galleries have taken and are taking to address cyber and physical security threats. We understand that there may be confidentiality considerations, in which case the Department should also write to us privately.