Written by Sarah Murray, Registrar and Collections Manager at Leeds Museums and Galleries

Katie and Jill delivered a fascinating and heartfelt report on the impact of the cyber attack on the Royal Armouries in 2022 and the effects that are still being felt now, two years on.

Since Covid and the move to homeworking, Royal Armouries (RA) registrars had moved much more of their file saving to online only, so when the attack hit and they were told to stop using their devices, this had a severe effect on their ability to contact lenders and borrowers – especially private lenders.

Frustrations were felt as registrars and colleagues received only minimal information on the IT outage/cyber-attack. Information was scarce, both internally from the IT company and for the public. Buildings remained open to the public, even though many IT systems were down.

The team were given a few hours’ notice to shut down computers and to not transfer any data to personal emails or laptops. The day was spent noting contact details and checking diary commitments.

How the Registrars responded:

  • The team set up shadow email addresses on Gmail to keep in touch with colleagues and stakeholders.
  • They were required to use personal equipment to begin with, which highlighted digital discrepancies within the RA workforce.
  • Everything IT-related was affected – work PCs, phones, CMS, printing.
  • Assume the worst-case scenario. The team were originally told it would be a short disruption, but it ended up lasting a long time.
  • Think about what has been affected/compromised, particularly in relation to security (CCTV, swipe cards, access) and email correspondence: transport plans and valuations had been discussed over email with transport agents. Plans had to be changed and rerouted.
  • There is still information missing on the RA CMS database.

Lessons learnt:

  • Share information and knowledge within the sector so we can support each other more if it happens to another organisation.
  • The emergency plan didn’t cover a cyber-attack or the long-term impact of a cyber-attack on operations.
  • Keep information backed up. Go back to physical files and printing, especially for contact details. Have contingency plans so you can access necessary information if you can’t use your devices or access your usual networks and shared files. Review filing systems.
  • Personal data – restrict access to personal data, delete documents such as passports from your online files. There is no reason to keep copies of these.
  • Don’t underestimate the personal and wellbeing impact of this on the team, in relation to exposure of personal details as well as lost work, feelings of overwhelm and the inability to control the situation.

Image: Sarah Murray