
What organisations can learn from the record breaking fine over Capita’s ransomware incident

ID: b9ab8ed7-dd09-51b3-a587-27dbae88449f

STIX ID: report--b9ab8ed7-dd09-51b3-a587-27dbae88449f

Feed Name: DoublePulsar

Threat Score: 80/100

Date Published: 2025-11-20

Date Updated: 2026-04-19

Author: Kevin Beaumont


**Executive summary:** The report analyzes Capita’s Black Basta ransomware incident and the subsequent ICO judgement. It details Qakbot initial access, exfiltration of about six million people's records using SystemBC/rclone, use of BloodHound for AD reconnaissance and privilege escalation, and extensive SOC failures (missed P2 alerts, understaffing, SLA breaches), and presents these and the resulting £14m fine as lessons for detection, containment, and governance.
