Der Cybervorfall bei Capita im März 2023 wurde zu einem Testfall für die Verantwortlichkeit beim Outsourcing, da er Dienstunterbrechungen, Datenexfiltration und regulatorische Konsequenzen kombinierte. Die Frage ist, wer die Kontrolle über die Segmentierung ausgelagerter Systeme, die Kontinuität öffentlicher Dienste und die Benachrichtigung Betroffener hatte.
Capita is a risk and accountability case because its 2023 cyber incident showed how a supplier compromise can become a public-services problem even when the affected systems sit inside a private outsourcing group. The issue is not only whether Capita restored systems after unauthorized access, service disruption, and data exfiltration. The issue is whether citizens, pension members, employees, local authorities, public agencies, trustees, private clients, regulators, and investors could see enough evidence to understand which outsourced services were affected, which personal data had been copied, who had to notify whom, and whether operational control had been moved away from the public body