Cybersecurity Awareness Month: Reviewing this year’s headline cyber attacks

Kani Talabani
Cybercrime in 2025 is faster, smarter, and more disruptive. AI-driven impersonation, supply-chain breaches, and large-scale operational shutdowns have tested every layer of defence. What lessons can today’s leaders draw to strengthen resilience for what comes next?
This year alone has shown that breaches are no longer confined to stolen data. They can halt global production lines, empty supermarket shelves, expose customer identities, and even target children. At the same time, advances in AI and cloud adoption are reshaping the threat landscape, offering defenders new tools but also giving attackers more sophisticated methods of exploitation.
In this article, we review some of 2025’s most prominent cyberattacks and draw on insights from the HotTopics CISO and CIO community to explore what leaders can learn from them, and how organisations can build resilience in an age of relentless digital risk.

The 2025 cybersecurity outlook
“While the overall prevalence of cyber breaches or attacks among businesses has decreased compared to 2024, the number of affected organisations remains substantial…The emergence of AI-powered impersonation as a sophisticated phishing method has added a new layer of complexity.”
The Cyber Security Breaches Survey 2025 sought to highlight trends in cybersecurity, while also focusing on the evolving threat of cybercrime. It may come as a surprise to some that there has been a decrease in prevalence. Around 43 percent of businesses (which translates to roughly 612,000) reported having a cyber breach in the last 12 months, compared to 50 percent in 2024. Small businesses take the credit for this shift in stats after showing improvements in their cyber hygiene practices. The same cannot be said, however, for larger businesses. In the qualitative interviews conducted for the survey, researchers found that: “Organisations had a growing consciousness that increasingly sophisticated methods, such as AI impersonation, were becoming mainstream.”
Most technology professionals maintain that cyber hygiene should be top of mind for CISOs in 2025 and beyond. With emerging technologies like quantum computing and AI being described as a “hacker’s best friend,” it is getting much easier to gain access to the equipment and tools needed to successfully hack into an organisation. To add to this plethora of cybersecurity worries, insider threats are another factor to consider when combing through cyber hygiene. It is bad enough that we receive constant phishing emails from scammers; now just imagine falling victim to an AI deepfake so convincing it almost feels as if you are speaking to your CEO.
Last month, teams of researchers from the University of Bristol and Imperial College London collaborated to create a Cyber Growth Action Plan for the UK, also drawing from consultations (and interviews) with around 100 cybersecurity experts. The report reiterates that more can be done to improve cyber awareness and resilience across all sectors. The World Economic Forum’s Global Cybersecurity Outlook 2025 echoed a similar sentiment: “AI-enhanced tactics, Ransomware-as-a-Service and advanced social engineering methods enable threat actors to outpace traditional defences. Addressing these evolving threats demands not only advanced technological solutions but also cross-sector collaboration and knowledge-sharing.”
2025 cyber attacks
“The big picture is we have a highly motivated, sophisticated adversary, which ranges from nation state to script kiddie in the bedroom,” said John Maynard, CEO of Adarma. This quote is from a Studio roundtable discussion from 2023, but still very much applies today.
Striking a similar note, Brian Brackenborough commented on the evolving nature of all types of cyber attacks nowadays: “Do you know how sophisticated those emails are getting? I struggle sometimes to work out if they're real or not”. Coming from a CISO of 14 years at Channel 4 (a feat in itself when the average tenure of a modern-day CISO is typically 18 to 26 months), this raises the question of how AI is changing the dynamics of cybersecurity versus malicious (and upgraded) attacks.
With this in mind, let’s review some of the most significant incidents that made global headlines.
Japan’s largest beer maker, Asahi, was forced to halt production and shipping after a cyberattack crippled parts of its domestic network. While the company has reassured customers that no data was leaked, the attack caused severe operational disruption across some of its 30 factories. With Asahi owning major international brands such as Peroni, Pilsner Urquell, and Grolsch, the ripple effects extend far beyond Japan. For CISOs, the lesson is clear: protecting intellectual property and customer data is no longer enough; operational resilience must sit at the heart of cyber strategies.
In September, a cyberattack forced Jaguar Land Rover (JLR) to suspend operations at its three UK facilities. Manufacturing lines ground to a halt for over a month, underscoring just how difficult it can be to resume operations in a “safe and secure manner” after an incident. The phased restart involved coordination with the UK government’s National Cyber Security Centre and cybersecurity specialists, highlighting the scale and seriousness of the disruption.
For industries with complex supply chains, JLR’s experience is a stark warning and wake-up call: a single breach can create weeks of downtime and a domino effect across partners and suppliers.
While Renault’s core systems were untouched, the breach of a third-party provider handling customer information placed thousands of individuals at risk. Data including names, addresses, dates of birth, and even vehicle registration details was accessed, prompting the carmaker to warn customers to stay vigilant. This echoes a recurring theme across the year: third-party risk is no longer theoretical. As more organisations outsource key services and data handling, the vulnerabilities in their extended supply chains become a direct threat to their reputation and customers.
Even luxury retail is not immune.
The iconic London department store Harrods confirmed that 430,000 customer records were stolen from a third-party provider. While the stolen data did not include payment information, names, contact details, and marketing preferences were exposed. Though Harrods stressed that the information was “unlikely to be interpreted accurately by an unauthorised third party,” the incident underscores how even the most prestigious brands are vulnerable to cyber extortion attempts. The breach also illustrates a shift in attacker strategy: personal identifiers are still highly valuable on the dark web, even without financial data.
Perhaps the most financially devastating attack this year hit The Co-op. In April, hackers infiltrated the retailer’s IT systems, leading to widespread payment failures, empty shelves, and the theft of data from all 6.5 million members. The disruption contributed to at least £206 million in lost revenues, tipping the group into a £75 million loss for the first half of 2025. This case underlines how cyberattacks can inflict long-lasting financial and reputational harm.
In what many described as a “new low,” hackers targeted Kido Schools, a nursery chain, by leaking stolen images and data of children online in an extortion attempt. After widespread outrage, the attackers backtracked, removed the posts, and even issued an apology, though cybersecurity experts warn this is less about morality and more about self-preservation. While the criminals retreated, the attack reflects the growing ethical void in the cybercrime landscape. With AI deepfakes and stolen imagery in play here, we are entering an era where trust and privacy are weaponised.
What can we take away from this?
If 2025 has shown us anything, it is that cyber resilience is as much about business continuity and trust as it is about data security.
Whether it is a carmaker suspending production, a retailer reporting hundreds of millions in losses, or schools being extorted over children’s data, the consequences of poor cyber hygiene now span every aspect of business and society. But how can leaders prepare for the inevitable?
In a HotTopics Food for Thought debate on novel approaches to digital security, one of the most challenging questions raised was whether companies would break their own principles and pay a ransom during a crisis. The group acknowledged that while most organisations publicly stand firm against paying ransoms, the reality inside the boardroom under extreme pressure is very different. As one executive put it: “When the pressure's off, it’s easy to be principled, but when you're in the ring and someone's hitting you, that's when the real decisions are made.”
Preparedness, then, becomes non-negotiable.
Participants emphasised the importance of stress testing and scenario planning. One speaker added that leaders need to work more diligently with partners to clarify responsibilities during a breach, with a warning that confusion in accountability is often where the biggest failures occur. And looming in the background is systemic risk: “The regulators are really fearful of everyone moving to the cloud because if AWS goes down, you suddenly lose the whole market.”
In a Studio roundtable debate on AI efficiency vs security, Nick Gilbert, CDIO at the University of Surrey, explored the dual nature of emerging technologies: “Any new technology is going to cause challenges but creates incredible opportunity.” The real differentiator, he argued, is how organisations apply these tools and build the maturity of their teams to anticipate misuse.
The debate also highlighted how AI is reshaping risk in sensitive sectors like healthcare. In the same debate, Diana Kennedy (formerly of Bupa) described the “terrifying” implications of compromised patient data but stressed that healthcare organisations “have to and do treat customer patient data with extraordinary care.” At the same time, she acknowledged that while AI tools are enabling defenders to better protect data, threat actors are always innovating to stay one step ahead: “For us it is about thinking about these things holistically.”
These insights ultimately echo the lessons of 2025’s headline attacks:
- Third-party risk can be as damaging as direct compromise.
- Operational continuity is now a core metric of cyber resilience.
- AI and cloud introduce both opportunity and systemic risk.
- Preparedness and communication (from ransomware playbooks to supply chain collaboration) remain the strongest shields.
Cybersecurity Awareness Month is not just about reflection; it is about readiness. Malicious attacks may be inevitable, but how security leaders anticipate, communicate, and recover from them determines whether they weather the storm…or buckle under it.