Executive summary
- When it comes to cybersecurity, 2025 was an unquestionable “annus horribilis”, with high-profile attacks on M&S and the Co-op proving that hackers are now hunting big game by targeting smaller suppliers.
- UK manufacturing took a big hit in the autumn with the Jaguar Land Rover (JLR) attack, shedding light on the vulnerability of Operational Technology and connected machinery.
- Government data from the NCSC reveals that while mass phishing is down, targeted ransomware has become more aggressive, with the average cost of a breach for UK organisations rising significantly.
Introduction
Well, we made it.
If you’re reading this, congratulations! You survived another 12 months of cybersecurity chaos.
As we look back on 2025, it feels like the perfect time to take a breath, grab a well-deserved drink, and look back at the rollercoaster we’ve just stepped off. And it was quite a bumpy ride.
There were some massive stories across the year that changed how UK businesses think (and should think) about IT security. Cybercriminals have become more professional, and more targeted – meaning the stakes have suddenly got much, much higher.
So, here’s our recap of 2025 in cybersecurity – and what it means for your business as we head into 2026.
The Great British Cyber-crisis
If there’s one sector that wants to forget 2025 ever happened, it’s retail.
In the spring of 2025, we saw a series of attacks targeting some of the High Street’s most well-known names.
The big headline was, of course, the Marks & Spencer incident in April. Even from the scale of the damage alone, it’s clear this was a highly sophisticated ransomware attack, later linked to the “Scattered Spider” group and the DragonForce ransomware.
For weeks, we witnessed the unprecedented sight of a retail giant unable to process online orders and essentially shutting down their online store indefinitely, with reports now suggesting the disruption cost them over £300 million in lost revenue. And they weren’t alone – the Co-op faced similar supply chain chaos around the same time, leaving shelves empty in some locations due to a breach of their third-party logistics provider.
As we covered in our deep dive here on the blog, this exposed a worrying truth that every small business should understand, and that’s a phenomenon called “island hopping”.
That term refers to the means by which these malicious actors actually gained entry to these big businesses. They didn’t brute-force their way in the front door. Quite the opposite: they gained access via the smaller suppliers – the logistics firms, the payroll providers, the marketing agencies – and used their credentials to “hop” onto the bigger network.
The message that should ring out loud and clear here is: you might not think you’re a target, but if you supply someone who is, you are the target.
The NCSC data: Fewer attacks, bigger bills
By the time autumn rolled around, the government confirmed what we already suspected – that attacks are getting smarter, as well as more frequent.
In September, we took a closer look at the findings of the Cyber Security Breaches Survey 2025. At first blush, the numbers looked deceptively stable. The percentage of businesses reporting a breach hovered around 43%, similar to 2024. But dig a little deeper, and the news was less rosy.
While generic “spray and pray” phishing dropped off ever so slightly, more targeted ransomware became the vector of choice for attackers. The NCSC reported dealing with 204 “nationally significant” incidents in the last year – a sharp rise from previous years. Put simply, the attackers stopped trying to hack everyone for £500 and instead focused on businesses they knew would pay £50,000.
Manufacturing hit the brakes
While retail had a stinker of a spring, the autumn brought a sobering reminder that our physical machinery is just as vulnerable as our laptops.
In October, the British manufacturing sector held its breath as Jaguar Land Rover (JLR) suffered a serious cyber incident. As we explored in our dedicated blog on the topic, this wasn’t entirely about stealing data, but also about stopping JLR’s manufacturing business in its tracks.
The attack reportedly targeted the interface between the corporate IT network (emails, payroll, etc.) and the Operational Technology (OT) network (i.e. the robots that actually build the cars). To prevent the malware from “jumping the gap” and potentially damaging expensive machinery, systems had to be isolated, and that caused big disruption to production schedules.
For UK organisations, especially those in manufacturing, logistics, or engineering, this was (another) massive wake-up call.
In 2025, almost every piece of kit in a factory is connected to the internet, but often it isn’t patched or monitored with the same care as a laptop – and that can be a big vulnerability.
In case you missed it…
While the big stories above stole the headlines, the cybersecurity chaos was pretty widespread throughout the year.
Here are a few other stories that defined the UK cyberthreat landscape this year:
- Scottish Schools (May): In the middle of exam season, a targeted spear-phishing campaign hit schools in Scotland, locking thousands of pupils out of their revision materials. It was a cruel reminder that attackers have zero moral compass – and timing attacks for maximum disruption is part of their business model.
- Transport for London (September): In late summer, TfL suffered a major “network intrusion” by the same Scattered Spider group that hit retail. While the Tube kept running, the back-end systems didn’t.
- The Death of Windows 10 (October): It wasn’t a hack, but it was nonetheless a massive security event for 2025. On October 14, Microsoft officially pulled the plug on Windows 10 support. As we warned at the time, any business still running the OS is now effectively operating without a safety net.
So, are we ready for 2026?
If 2025 taught us anything, it’s that “good enough” isn’t good enough anymore.
The threats we all face – from supply chain ransomware to QR code “quishing” – require a more proactive mindset. (Translation: the days of installing an antivirus and hoping for the best are gone).
So, if you’re worried about your cybersecurity, your AI policy, or your 2026 strategy, you know where we are. Speak to your Get Support Customer Success Manager or call our team on 01865 594 000.)