Capita es un caso de riesgo y responsabilidad porque su incidente cibernético de 2023 mostró cómo un compromiso de proveedor puede convertirse en un problema de servicios públicos. La cuestión no es solo si Capita restauró los sistemas, sino si los ciudadanos, miembros de pensiones, autoridades y reguladores pudieron ver suficiente evidencia para entender qué datos se copiaron y quién debía notificar.
Capita is a risk and accountability case because its 2023 cyber incident showed how a supplier compromise can become a public-services problem even when the affected systems sit inside a private outsourcing group. The issue is not only whether Capita restored systems after unauthorized access, service disruption, and data exfiltration. The issue is whether citizens, pension members, employees, local authorities, public agencies, trustees, private clients, regulators, and investors could see enough evidence to understand which outsourced services were affected, which personal data had been copied, who had to notify whom, and whether operational control had been moved away from the public body