Top Stories)
1) London councils still recovering from a shared cyber incident (service disruption continues)
Westminster City Council continues to manage the cyber security incident first identified on Monday 24 November, with some services still operating under constraints and residents asked to expect delays in contact handling.
Why it matters in the real world:
- Council incidents tend to ripple into housing, benefits, planning, waste, and customer contact operations.
- If you live/work in affected boroughs, expect knock-on delays and plan “offline” alternatives (phone routes, in-person, paper forms) where possible.
Expert/official voice (verbatim):
- “Most council services are running, and we are prioritising critical services.” — Westminster City Council update (last updated 12 Feb 2026)
What I think becomes the next headline:
- A clearer picture of whether any personal data was accessed/exfiltrated, plus longer restoration timelines for online self-service tools.
2) London borough shared services incident: the wider lesson for England’s local authorities
Multiple boroughs share core IT suppliers, platforms, and support contracts. That’s efficient on paper, but it can widen blast radius when something goes wrong.
Practical takeaways (for residents, suppliers, and small businesses working with councils):
- Keep alternative points of contact for key council interactions (accounts, ref numbers, named teams).
- Assume service portals may be intermittently unavailable; save confirmation emails/screenshots and keep paper copies of key submissions.
UK (top stories)
1) UK Government launches “lock the door” cyber campaign for businesses (pushes Cyber Essentials)
A new government campaign is urging organisations—especially SMEs—to take practical steps aligned to Cyber Essentials (updates, access control, basic hardening).
Why it matters:
- This is a strong signal that “basic hygiene” is still where many UK incidents start (phishing, weak access, unpatched software).
- Cyber Essentials increasingly helps with procurement and insurer confidence, not just security.
Expert quote (verbatim, short):
- “No business is out of reach from cyber criminals.” — Cyber Security Minister Baroness Lloyd (17 Feb 2026)
What to watch next:
- Expect more insurer pressure and supply-chain requirements (you may be asked by customers to prove baseline controls).
2) UK publishes wave five “Cyber Security Longitudinal Survey” (behaviours + trends)
Government has released the next wave of its ongoing study tracking cyber security policies/processes in medium/large businesses and higher-income charities.
Why it matters:
- This is the dataset policymakers use to justify regulation, funding, guidance and enforcement direction.
- It often foreshadows which controls become “expected norms” (e.g., MFA coverage, patch cadence, incident response readiness).
What to watch next:
- Any notable shifts on phishing resilience, MFA adoption, and incident reporting maturity—these tend to drive future compliance expectations.
3) Government publishes Budget Information Security Review (tightening controls after 2025 Budget run-up)
HM Treasury/Cabinet Office/NCSC published recommendations to protect information security at future fiscal events, following incidents tied to pre-Budget information handling.
Key point:
- This is a reminder that cyber isn’t only “hackers”; insider risk, document handling, and secure collaboration controls are a constant UK government focus.
Clear commitment (verbatim, short):
- “All recommendations will be implemented in full.” — Government statement (9 Feb 2026)
4) UK to lead multinational defensive cyber exercise (Defence Cyber Marvel 2026)
The UK is leading a major defensive exercise from Singapore involving thousands of participants and dozens of teams, aiming to rehearse realistic coordination against modern threats.
Why it matters:
- The threat environment is increasingly geopolitical and cross-border, and the UK is emphasising coordinated response capability.
Quote (verbatim, short):
- “We recognise the need to build a safer, more resilient digital domain.” — UK government statement (11 Feb 2026)
What I expect to be the “top daily morning stories” theme for the next few weeks
1) Ransomware + data-only extortion (especially public sector and suppliers)
- Expect regular “data leak” pressure stories where criminals threaten publication rather than encryption.
2) AI in the enterprise: Copilot/assistant data exposure, permissions, and governance
- Stories will concentrate on accidental access to sensitive documents, over-broad permissions, and weak DLP controls.
3) Supply-chain incidents and shared services “blast radius”
- Managed service providers, shared platforms, and update mechanisms remain a common failure point.
4) Regulation and reporting expectations
- Watch for momentum around tougher expectations on critical services and incident disclosure, plus board-level accountability language.
Quick, practical “do this today” checklist
For individuals
- Turn on MFA for email and banking, and use a password manager.
- Keep device/software updates on auto (especially browsers and mobile OS).
For small businesses
- Confirm MFA is enforced for admin accounts and email (not optional).
- Review who has access to shared folders (least privilege) and remove old accounts.
- Backups: one offline/immutable copy; test restore monthly.
