Capita illustre comment un incident cyber chez un prestataire externalisé peut affecter les services publics. L'enjeu est de savoir si citoyens, membres de caisses de retraite et clients ont eu accès aux preuves nécessaires pour comprendre l'impact sur leurs données et services, et si le contrôle opérationnel a été transféré sans la responsabilité.
Capita is a risk and accountability case because its 2023 cyber incident showed how a supplier compromise can become a public-services problem even when the affected systems sit inside a private outsourcing group. The issue is not only whether Capita restored systems after unauthorized access, service disruption, and data exfiltration. The issue is whether citizens, pension members, employees, local authorities, public agencies, trustees, private clients, regulators, and investors could see enough evidence to understand which outsourced services were affected, which personal data had been copied, who had to notify whom, and whether operational control had been moved away from the public body