Capita is a risk and accountability case because its 2023 cyber incident showed how a supplier compromise can become a public-services problem even when the affected systems sit inside a private outsourcing group. The issue is not only whether Capita restored systems after unauthorized access, service disruption, and data exfiltration. The issue is whether citizens, pension members, employees, local authorities, public agencies, trustees, private clients, regulators, and investors could see enough evidence to understand which outsourced services were affected, which personal data had been copied, who had to notify whom, and whether operational control had been moved away from the public body