UK public sector organisations will remain under sustained and escalating cyber threat throughout 2026, according to AJ Thompson, chief commercial officer at Northdoor plc, following a series of high-profile attacks on schools and councils.
Thompson said recent incidents affecting education and local government demonstrate that cybercrime is no longer an abstract IT risk, but a direct threat to the delivery of essential public services.
“From schools being forced to close to councils facing prolonged system disruption, these incidents show how cybercrime is now impacting the public sector’s ability to function,” he said. “Cyber resilience can’t be treated as an afterthought.”
His comments follow a cyberattack that forced Higham Lane School in Warwickshire to remain closed after the Christmas break, as IT teams assessed and restored critical systems. Core digital services including email, telephony and online learning platforms were left unavailable, preventing staff and pupils from returning as planned.
According to Thompson, the school closure highlights how quickly digital disruption can translate into real-world consequences for communities.
“When systems go down, it isn’t just an inconvenience,” he said. “It means lost learning, disrupted families and frontline services that simply can’t operate.”
The school incident comes amid ongoing fallout from a cyberattack on Westminster City Council, which last year confirmed it had been targeted by attackers. At the beginning of 2026, the council admitted that potentially sensitive personal information had been copied and taken, prompting warnings to residents to be alert to suspicious calls and messages.
The same attack affected Kensington and Chelsea Council, which has since said it could take months for services to fully return to normal. Thompson said the scale and duration of the disruption underline why councils are increasingly attractive targets.
If you liked this content…
London Councils Hit by Coordinated Cyberattacks as NCSC Steps In
Digital defences: protecting public services against cyber threats
Ransomware has changed – and so must public sector organisations
Cybersecurity and digital identity in 2026: Designing trust for a world built on deception
Public Sector Leads UK Industries in Cyber Policy Strength, New Study Finds
“Local authorities hold vast amounts of sensitive personal data and deliver essential services under intense public scrutiny,” he said. “Attackers know that disruption creates pressure to restore systems quickly, and they exploit that.”
He added that education and local government bodies are particularly exposed, often operating with constrained budgets, ageing infrastructure and limited in-house cyber expertise, even as services become more digital and cloud-based.
“As digitisation accelerates, exposure to ransomware, data theft and system outages grows, often faster than security measures can keep up,” Thompson said.
Looking ahead, he argued that the challenge for public sector leaders in 2026 is not only preventing attacks, but ensuring resilience when incidents inevitably occur.
“Organisations need the right security controls, visibility and response plans in place to protect essential frontline services and the people who rely on them,” he said. “The threat from cybercriminals is only going to increase in both sophistication and volume.”
Thompson acknowledged that building this level of resilience is a significant challenge for many public bodies facing resource constraints, which is why some are increasingly turning to external IT consultancies for support.
“This is a huge ask for organisations already under pressure,” he said. “But without that support, keeping data safe and services running in the face of constant cyber threat will only become harder.”
