From Outlier to Everyday: Surviving the ‘New Norm’ in Cyber

As we look back on threat activity in 2025, it’s unmistakable that last year was the busiest on record for attackers.

Substantial, business-crippling cyber attacks are no longer an outlier.

Today they are the norm, and businesses, citizens and critical services are entering the firing line daily.

It’s safe to say, the digital wild west just got a whole lot wilder, and no sector or geography is immune to the threat.

Once the outlier, now the norm

What stands out most about the last twelve months is the sheer volume of vast cyber attacks we have faced.

Previous years have been littered with smaller cyber attacks, while large scale events have been relatively rare.

However, 2025 unearthed a new realm of threat activity, with major brands suffering major attacks on a near-continual basis.

The first major victim was UK retailer Marks and Spencer, which reported its profits more than halved in the first half of its financial year because of the attack.  

The total losses incurred are estimated to be around £300 million, and the incident was a harsh wake-up call for business leaders and consumers: cyber is no longer confined to technical controls and computers; today it hits people’s lives directly.

Close on the heels of Marks and Spencer, another huge casualty fell to cyber crime. This time, the IT support provider of UK supermarket chain, Co-op, was socially engineered by the Scattered Spider threat operation, enabling them to drop ransomware within the retailer’s environment.

The incident had a massive impact on consumers, causing food shortages in remote areas of Scotland. Furthermore, it also amounted to £200 million in losses for Co-op, plus the necessity to rebuild its entire digital environment from scratch.

Not long after the news settled on Marks and Spencer and Co-op, the same threat actor, Scattered Spider, made headlines again, this time for a massive cyber attack on car manufacturer Jaguar Land Rover.

This incident was described by the UK’s Cyber Monitoring Centre as the costliest cyber attack in Britain’s history, costing the economy approximately £2 billion.

In this attack, it wasn’t just Jaguar Land Rover that felt the impacts of the breach. When the manufacturer was brought to an operational halt, the disruption rippled across its enormous supply chain, impacting thousands of UK small businesses.

This was also one of the key reasons why the government stepped in with a £1.5 billion loan to protect Jaguar Land Rover’s supply chain from collapse.

The realities of modern cyber crime

These incidents highlight the real consequences of cyber attacks today. It’s no longer just system outages at risk; today everything society depends on can be a casualty. In a region where rapid digital transformation is expanding the landscape for cyber criminals, awareness and vigilance are critical.

However, for many businesses, losing sums reaching into the hundreds of millions, or billions, is unfathomable. They simply will never have such vast volumes of money at stake.

But it is foolish to simply believe this could never happen to them; a conversation that gathered pace among UK organizations operating in the UAE during a briefing staged by the British Chamber of Commerce Dubai (BCCD) late last year.

While it’s unlikely the average cyber attack on a typical mid-sized enterprise will impact thousands of businesses, or require government intervention, the losses it could incur will still be relevant to its own environment.

Business leaders must therefore ask themselves: if I were to lose half my profits this year, could I survive? If I had to completely rebuild my systems from scratch, would I have the ability, budget and resources to do this quickly?

In many cases the answer will be no.

This means the lesser of all evils is undoubtedly a focus on prevention.

Prepare, plan, protect

When it comes to surviving in today’s digital wild west, being prepared for attacks is always the best defence.

This involves hardening internal environments with security platforms, ensuring all assets, across cloud, AI and owned platforms, are covered by the security posture.

But most importantly, to ensure these controls are effective, they must be tested.

Running offensive security testing across an organisation’s network allows it to think like a hacker, assessing all the ways it could be breached, identifying them and then mitigating them.

Simply believing that security tools will work, or that systems have been configured correctly, is not enough.

All deployments must be thoroughly tested, continuously, especially given the speed at which new applications and solutions are onboarded today.  

In addition to this, backups must be run regularly and stored in multiple different locations, while incident response planning must be prioritised so organisations can rehearse their response to incidents, and, most importantly, recovery from them.

An incident response playbook on paper isn’t enough; organisations must know that what is written down in theory will also be effective in practice.

It’s safe to say 2025 was a busy year for cyber criminals.

Business leaders shouldn’t expect this to change in the year ahead.

But what they can change is how they prioritise their cyber defences.

If their business couldn’t endure even a fraction of the disruption seen at Marks and Spencer, the Co-op, or Jaguar Land Rover, then a proactive investment in cyber defences is a strategic priority.

https://www.cdsec.co.uk/

William Wright is the CEO of Closed Door Security, a leading cybersecurity consultancy providing testing and security assessments to organisations worldwide.