Some three months after a cyber attack hit Kensington and Chelsea Council, core services remain disrupted; the west London borough is still unable to collect council tax, distribute housing benefit or complete key planning processes, with property transactions and development activity effectively stalled, according to reports.
For Mark Edgeworth of compliance software firm Hicomply, pictured, the situation there and elsewhere exposes a wider resilience gap. He says: “UK organisations still underestimate how long the road back from a breach can be. Major cyber incidents are not IT outages; they are operational failures. The reverberations are almost endless as revenue stops, services pause and trust erodes. If resilience isn’t embedded before the attack, recovery becomes slow, expensive and highly visible. A major UK publication highlighting the holes in your infrastructure is the stuff of nightmares for senior leadership, comms teams and the IT team desperately trying to put everything back together.”
He added that many organisations remain compliance-led rather than resilience-led. “Passing an audit or holding certification does not guarantee operational continuity. If governance, risk and control monitoring aren’t continuous, you are effectively stress-testing your organisation in real time when an attack lands.”
Last month the council stated that its investigation will take several months, ‘due to the complex nature of the attack and the data involved, and the need to restart many of our systems’. Westminster City Council, likewise, this month said that it’s ‘continuing to respond to the cyber security incident’ of November 2025.
Where to look
For cyber advice from the UK official National Cyber Security Centre (NCSC) visit https://www.ncsc.gov.uk/section/advice-guidance/public-sector. In December 2021 Gloucester City Council suffered a clever and sophisticated cyber attack ‘and I strongly believe that what happened to us could happen to anyone’, said council MD Jon McGinty in a report, freely available on the Local Government Association website.
