-optimized.jpg){kind=avatar}
The Department for Culture, Media and Sport (DCMS) is failing to use its central role in bringing Britain’s museums and galleries together to address fast-moving issues, such as threats to cyber security and the physical security of collections, according to a report by MPs. The DCMS is not doing enough to ensure museums and galleries apply learning from recent threats to the physical security of their collections and their cyber security, the Public Accounts Committee (PAC) stated.
When giving evidence to the committee, the DCMS acknowledged that its approach to supporting museums against cyber-attacks ‘had been more reactive in recent years’. As for the physical world threats, a National Museum Security Group has 200 museums across the UK which meets to share good practice. The DCMS assured MPs that highly-publicised thefts from the British Museum (gates pictured at dusk, by Mark Rowe) ‘had shocked the sector and had pushed the risk of thefts, and the need for proper systems to address this risk, up the agenda’. The MPs also dwelt on the October 2023 cyber-attack at the British Library.
Funding
As for funding, the DCMS provided 15 government-sponsored museums and galleries with ยฃ484m in grant-in-aid funding in 2024-25. This represents a real terms reduction of 16 per cent as emergency COVID-19 pandemic funding has now ended, MPs noted.
PAC chair
Sir Geoffrey Clifton-Brown, Chair of the Public Accounts Committee, said: โOur museums and galleries are a treasured part of the fabric of our nation. The role they play in educating our people, preserving our shared history and showcasing our country to the world is quite simply priceless. However, they are being let down by a lack of leadership from the Department of Culture, Media and Sport, which appears to have taken an almost hands-off approach to the challenges they face.
โCyber-attacks, the theft of items from collections, and a fall in the number of visitors are just some of the issues museums and galleries are fighting to overcome. Theyโve made great strides to become more financially resilient, however the lack of centralised support is leaving them vulnerable. Furthermore, government has not done nearly enough to provide incentives for museums and galleries to be in a position to support themselves financially.
“The Department must do more to encourage shared learning across organisations and play a more proactive role in driving value for money.โ
Comments
Graeme Stewart, Head of Public Sector at Check Point Software described the findings as a stark reminder that cyber threats don’t discriminate by sector, and that cultural institutions, often perceived as low-risk targets, can in fact be high-value ones. He said: “The 2023 attack on the British Library was a watershed moment for the sector. It demonstrated that a ransomware incident can cripple operations, compromise data, and cause months of disruption, all while threatening the trust these institutions depend on. That the government has yet to translate the lessons of that incident into concrete, sector-wide protective action is deeply concerning.
“Museums and galleries face a particular challenge: they combine the digital vulnerabilities of any modern organisation, including network-connected systems, online ticketing, and third-party suppliers, with unique physical security considerations and, in many cases, constrained budgets and limited in-house cyber expertise. What’s needed is exactly what the PAC is calling for: a strategic, proactive approach rather than the reactive posture we’ve seen to date. That means DCMS taking a genuine coordinating role, facilitating shared threat intelligence across institutions, establishing baseline cybersecurity standards, and ensuring that digital record-keeping of collections is both implemented and protected. The sector cannot afford to wait for the next incident to act. These institutions are the cultural lifeblood of this country, and the long-term damage to the nation’s heritage, reputation and public trust that could result from continued inaction would be far harder to recover from than any single attack.”
And Bernard Montel, Field CTO at the cybersecurity firm Tenable said: “Museums may not be the first targets that come to mind for cyber attacks, but they are far from immune. What we need to remember is that any and all data is important. The latest warning from MPs shows these institutions also hold valuable information that could aid wider criminal activity, including the theft of priceless artifacts. When it comes to modern cyber threats, museums must be just as vigilant as any Big Tech corporation, to avoid cyber incidents creating physical risks.โ
