Are you reading me? 10 key lessons from the cyber-attack on the British Library

Published 30 January 2025 in Brain Circuits • 3 min read

When the British Library fell victim to a major ransomware attack it adopted a policy of full transparency. Here are 10 vital lessons businesses can learn from the incident – especially if they rely on legacy systems.

Strategy of full transparency

The British Library is the national library of the United Kingdom and one of the world’s largest libraries. In October 2023 it was the victim of a major ransomware attack that severely disrupted its operations and compromised sensitive data. Its historically complex and diverse technology infrastructure likely contributed to the attack’s impact. The organization adopted a strategy of full transparency and produced a detailed report into the causes and nature of the attack and initial recovery. Its experience offers key lessons for all organizations about cybersecurity vulnerabilities and crisis management.

The lessons

1. Enhance network monitoring capabilities

To ensure full coverage across legacy and modern infrastructure.

2. Retain on-call external security expertise

To enable rapid incident response.

3. Implement comprehensive multi-factor authentication

This should include all external access points.

4. Conduct in-depth security reviews regularly

An effective cybersecurity strategy requires continued vigilance and adaptability.

5. Implement network segmentation

To limit potential damage from breaches.

6. Regularly practice business continuity plans

To prepare for total system outages.

7. Maintain a regularly updated and holistic view of cyber risks

At senior management and supervisory board levels (also vital from a compliance and governance perspective).

8. Focus on resilience and invest in response and recovery processes

To recognize that it’s not always possible to understand or “fix” the root cause of a breach.

9. Prepare for ransomware as a damage-minimization game

Any attack will likely have a damaging impact, but the extent will depend on your level of preparedness.

10. Conduct detailed impact assessments of potential attacks on your core purpose

To identify your ability to fulfill the main business functions across multiple areas.

Key learning

The British Library’s ransomware attack and its crisis response highlight the importance of continual investment to keep infrastructure and applications current.

Authors

Öykü Işık

Professor of Digital Strategy and Cybersecurity at IMD

Öykü Işık is Professor of Digital Strategy and Cybersecurity at IMD, where she leads the Cybersecurity Risk and Strategy program and co-directs the Generative AI for Business Sprint. She is an expert on digital resilience and the ways in which disruptive technologies challenge our society and organizations. Named on the Thinkers50 Radar 2022 list of up-and-coming global thought leaders, she helps businesses to tackle cybersecurity, data privacy, and digital ethics challenges, and enables CEOs and other executives to understand these issues.
