What 2025 Taught Us About Cybersecurity in the UK

Cyber Security
23/03/2026

It would be difficult for anyone to describe 2025 as a “quiet” year for UK cybersecurity, when over the past twelve months we have seen some of the most iconic brands brought to a standstill.

Every time a new headline flashed up, we would find ourselves coming back to the same conclusion: these weren’t just “big company problems.” They were failures of process, supply chain vulnerabilities, and dangerous assumptions.

So, what actually happened?

Marks & Spencer: The Easter Wake-Up Call

The Easter weekend of 2025 saw Marks & Spencer hit by what is arguably the most significant cyber-attack the UK has seen to date. Between April and May, M&S was crippled by a ransomware attack linked to the criminal groups Scattered Spider and DragonForce.

What stands out to us isn’t just the staggering scale of the breach, but how it started.

It wasn’t a dramatic, Hollywood-style hack. Reports suggest the initial access came through a simple phishing email sent to a third-party IT contractor. It was the kind of email we all see in our inboxes every single day. Yet, the fallout from that one click was immense:

  • A 46-day total shutdown of online sales.
  • Widespread disruption to Click & Collect services.
  • Mass exposure of customer data, including contact details and order histories.
  • An estimated £300 million in lost profit.

It only took one weak link in the chain to trigger a national crisis for the brand.

Co-op: Operational Paralysis

Only a month later, in May 2025, the Co-op was targeted. This attack disabled in-store systems across approximately 2,300 locations, proving that these threats have a very physical impact on our high streets.

The breach, also linked to Scattered Spider, didn’t just leak the data of 6.5 million members; it caused genuine chaos on the shop floor:

  • Manual checkouts became the only option, leading to massive queues.
  • Severe stock shortages hit shelves as supply systems went dark.
  • The financial hit was eye-watering: £206 million in lost revenue and an £80 million dent in first-half profits.

Again, this wasn’t just about “stolen data.” It was about operational paralysis. It was about a business suddenly losing the ability to function.

Jaguar Land Rover

In September 2025, a ransomware attack halted production at Jaguar Land Rover’s UK factories for five weeks.

It spiralled from a company issue into a national economic issue because of the disruption it caused to the UK economy: production and revenue losses, reduced sales, interruptions to supply chains, and the cost to the company of recovering from such an attack.

It was reported that the disruption to global supply chains contributed to an estimated £1.9 billion economic impact on the UK, including a measurable effect on gross domestic product (GDP).

This incident made it crystal clear that ransomware is no longer just about encrypting files. It is about stopping business.

Public Sector & Critical Infrastructure: A Systemic Wake-Up Call

It wasn’t just retailers and car dealerships feeling the heat though. We saw deep-seated vulnerabilities exposed in the very institutions we rely on most.

Take the Legal Aid Agency, for example. They suffered a massive breach that compromised over a decade’s worth of sensitive data. When ten years of personal, financial, and legal history is exposed, it forces us to ask tough questions: Why are we holding onto data for this long, and how resilient is our public sector?

The ripple effects didn’t stop there:

  • Hertz fell victim to a global breach, proving that even a household name is only as strong as the weakest link in its supply chain.
  • Harrods was hit twice in 2025; one supplier-related incident alone exposed the records of 430,000 customers.
  • HMRC lost £47 million to a phishing-related tax scam, a staggering reminder of how a simple deceptive email can drain public funds.
  • Southern Water was targeted by the Black Basta ransomware group. Beyond the £4.5 million price tag, it sparked genuine concerns about the safety of our basic utilities.

The scariest part is that these are just the big companies that we know about because they made the front pages of the tabloids. How many smaller businesses have been attacked without us knowing, because they suffer in silence? Cybercriminals often target smaller businesses for smaller amounts, as hitting 100 smaller businesses can be easier than hitting one big company. In addition, we haven’t even begun to look at the disruptions hitting our schools, our defence contractors, or the aviation industry this year.

The Patterns We’re Seeing

When we step back and look at the chaos of 2025, a few clear themes emerge.

1. The Supply Chain is the New Front Door

Many of this year’s most high-profile incidents didn’t actually start inside the target organisation. Instead, attackers found a way in through a trusted partner, a contractor, a niche software provider, or a third-party platform. It’s a bold reminder that your security posture is no longer just about your own internal controls; it’s about the integrity of everyone you’re digitally “shaking hands” with.

2. AI is Scaling Deception

We’re now seeing a change in how phishing and social engineering work. Attackers are using AI to make their outreach cleaner, more precise, and far more believable. They aren’t necessarily getting “smarter” in a technical sense, but they are becoming terrifyingly efficient at scaling deception.

3. Ransomware is About Disruption, Not Just Theft

This year has reinforced a point we’ve been making for a while: Ransomware isn’t just a data theft problem. It’s an operational nightmare. Whether it’s shutting down sales, halting production, or disabling critical infrastructure, the real financial damage usually sits in the downtime, not just the ransom demand.

The Bigger Picture

The numbers back this up. By September 2025, the National Cyber Security Centre (NCSC) had reported 204 nationally significant attacks in the UK, more than double the previous year.

That statistic alone should give every leader pause. Keep in mind, those are only the incidents that reached the national reporting threshold. For every headline you read, there are countless other “quiet” breaches happening behind the scenes.

Our Honest Take

When we look at these cases, we don’t see “unlucky” brands. We see a pattern of:

  • Over-trust in third-party supply chains.
  • Gaps in basic verification processes.
  • Assumptions that “good enough” controls would hold.
  • A lack of true operational resilience testing.

Cyber security in 2025 has moved beyond simple prevention. It’s now about assuming something will get through and ensuring it doesn’t take the whole business down with it. To survive, organisations need to move toward:

  1. Rigorous third-party risk management.
  2. Universal multi-factor authentication (MFA)—no exceptions.
  3. Strict identity and access controls.
  4. Battle-tested incident response plans.
  5. A culture where “trust but verify” is the standard, not an awkward hurdle.

The companies that recover the fastest aren’t the ones who thought they were invincible. They’re the ones who prepared for the worst. If 2025 has taught us anything, it’s that cyber security is no longer an IT issue; it’s a business survival issue.

While Cyber Essentials accreditation has long signalled a baseline commitment to cyber security, the high-profile breaches of 2025 demonstrated that size and spend alone are not enough to prevent compromise. In response, the Cyber Essentials scheme will be updated from 27 April 2026, introducing stricter questioning, improved scoping, and more rigorous testing to better reflect today’s threat landscape.

KIT365 Limited © 2026 All Rights Reserved | Registered in England and Wales with company number 10477067 | VAT Registration: 224 1225 56 | ICO Registration Number: ZA792109